1 / 30

HIAA Forum 2003

HIAA Forum 2003.

becka
Download Presentation

HIAA Forum 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HIAA Forum 2003 This presentation was given at the AAHP / HIAA National Forum on November 11, 2003. “HIAA” – Health Insurers Association of America and “AAHP” - American Association of Health Plans members were attendees. These two associations’ members provide health care insurance to over 200 million Americans nationwide. Presentation attendees included CEO’s, line managers and operations and technology executives. The presenters, John Schladweiler & David Adolphson, provided case study results and steps to take to ensure recoverability in the event of a disaster. If you would like to discuss this presentation, contact information is provided on page 26. Feedback is welcome.

  2. Planningfor theUnthinkable…Disaster Recovery & Business Continuity Las Vegas, Nevada November 11, 2003 2003 HIAA FORUM tomorrow’s SOLUTIONS INNOVATIONS today’s

  3. Agenda • Introductions • John Schladweiler • Dave Adolphson • Planning for the Unthinkable • Why Listen? • Traditional Approach • Business Issues • Best Practices • Business Impact Analysis • What Should You Do? • Questions / Discussion i

  4. Planning for the Unthinkable…Why Listen? John Schladweiler • IT Strategy Consultant • Former SVP of leading recovery services company • Networked Recovery Solutions when Chicago Tunnel Flooded • CNN Business Insight Program after AT&T Cable Cut • WTC Bombing in 1991 – Workarea Recovery • Top 3 Global Bank Plan for Addressing RTO Dave Adolphson • IT Consultant • Former VP of IT Planning for major insurance company • Designed and Implemented Business Resumption Plans for Insurance • Tracked 911 resumption efforts • Directed virus disinfection and recovery efforts Experience 1

  5. $ Delivery Time Planning for the Unthinkable…Why Listen? Basic ways enterprises have addressed business resumption planning without overspending • Fortress • Redundancy • Business Interruption Insurance “But I already have a Disaster Recovery Plan” 2

  6. Planning for the Unthinkable…Why Listen? CEO Survey (April 2003): Terrorism, Disaster On-Time, On-Budget Spend Right Amount IT Management CIO Informs CEO IT Supports Change IT Strategically Aligned Competitive Advantage Info Security/Privacy Investment Value 4 0 2 3 1 Confident/Good Concerned/ Not Good 3 Source: CEO Counselors, Inc. www.ceocounselors.com

  7. Planning for the Unthinkable…Why Listen? • Impacts: • Payors • Brokers • Employers • Providers • Insureds Real Time IT now supports external business processes New Old Batch Back Office Front Office Changing Business Model 4

  8. Data Center Hot Site Primary Office Office 2 Traditional Approach • Components: • Data Centers • Mainframes • Servers • Infrastructure • Network - Internal • Network - External • Offices/Call Centers Alternate Sites 5

  9. Data Center Hot Site Cold Site Redundant Site Load Balanced Site Remote Management Network Alternate Routes Dial Back Up Self Healing Remote Management Data Back Up Electronic / Not Paper Weekly, Incrementals Real Time by Transaction Mirrored at Alternate Site Remote Management Office Workstations Infrastructure Call Centers “Safe” Distance Away Traditional Approach Implementation Choices 6

  10. Traditional Approach The Norm: Back Ups Weekly + Incrementals Daily Data Protection & Recovery Criteria 7

  11. Traditional Approach • Disaster Recovery Plan • Proceduralized Plan • Multiple Contingencies / What If’s • Tested at Least Annually • Jointly Owned: IT & User Departments • Disaster Recovery Budget • IT Expenses Identified • Subset of Actual Total Cost for Recovery Recovery Plan: Tested Regularly 8

  12. Business Issues • Shortcomings of some existing disaster recovery plans: • Network takes too long to recover & has less capacity • Hot sites back up Mainframes, but don’t cover Servers • Timeline to re-build Server infrastructure is long • Data recovery is too slow, and requires re-entering transactions • Still dependent upon paper files • Call Centers are lacking • People • Availability for daily operations v. recovery efforts • Location of interruption may require staff to travel Why it doesn’t Work in Real Life 9

  13. Business Issues • Bunker Model • Centralized business processes for Selling Tickets, Scheduling Flights & Crews • Resumption Time greater than 3 days = Bankruptcy Case 1: Major Airline 10

  14. Business Issues Recovery Timeline Business Process Outage Resume Business Process Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo F I I I F Backup Schedule Restore Environment - F F I, I I Process Missed Days ThFr SSMo TuWe Th Fr Sa • Legend: • F= Full backup • I = Incremental Best Case: 12 Days! Case 2: Top Money Center Bank 11

  15. Business Issues • What would be Benefits of Improving Recovery Strategy? • fromto • Mainframe 4 days 24 hrs • Server infrastructure - rebuild 4 days 24 hrs • (400 servers) • Server data synchronization 14 days 5-7 days • (To 11 pm night before) Case 3: Major Insurance Company 12

  16. Best Practices Elements Jewels • Redundant Working Sites • Data mirroring • Network self healing • Call Centers / Other Support • Varying RTO’s according to business service line • Data - Electronic & Paper • Data - Recovery Point • Network – Data & Voice • People • who know the business Best Practices Approach 13

  17. Best Practices Network Design Redundancy provides continuity for key processes Within region: Out of region: Data Mirror ….... Data Mirror Data Mirror DC2 DC1 DC3 Redundant technology WS1 ….... WS3 WS2 Best Practices Architecture 14

  18. Business Impact Analysis Business Impact Justification Recovery Solution Design & Funding Implementation Choices Cost Estimates Architecture & Feasibility 15

  19. Business Impact Analysis Step 1: Determine the needs of the business • Stakeholders: Impacts: • Payors Cost of resumption, overpayment of claims • Brokers Lost sales • Employers Add to costs, dissatisfaction • Providers Slower receipt of payments • Insureds Slower receipt of claims Determine RTO & RPO - Design to provide varying RTO’s by service category 16

  20. Business Impact Analysis Step 2: Define Architecture Options Best Practice vs. Traditional Compromise • Dedicated Facilities & Infrastructure vs. Shared • Mirrored / Load Balanced Sites vs. separate Production & Backup sites • Self Healing Network vs. Dial Back Up • Multiple Offices Capable of Backing Up One Another vs. Centralized Office • Real time data backup vs. daily incrementals Determine Benefit Cost Tradeoffs & if affordable, adopt best practice 17

  21. Business Impact Analysis Step 3: Look at Implementation Alternatives • Source: • In-houseOutsourceOff-shore • Elements: • Mainframes X • Servers X • Network X X • Offices/Call Centers X X • Client workstations X • Redundant Sites X • Data mirroringX X Sourcing Alternatives 18

  22. Business Impact Analysis Step 4: Summarize RTO Cost by Service Line and Compare to Cost of Outage • 1 day3 days14 days • Mainframe • Server infrastructure • Server data synch • Network • Call Center ______ _______ _______ • TOTAL RTO COST ($): • COST OF OUTAGE ($): Determine Costs for RTO’s 19

  23. Business Impact Analysis Case Illustration: IT TraditionalNear BudgetRecoveryBest Practices $30,000 Entprs Site $500 Hot Site$500 Hot Site 450 Vault Data 150 Servers 200 Mirror Data 50 Work Area _______ ____________________ $30,000 $500 <2%$1,350 5% Exposures: RTO Not perfect shared RPO shared risk for MF All costs in 000’s, exclude staff Representative Costs of moving toward Best Practices Scenario 20

  24. What Should You Do? First steps: • Identify elements of the Business Model that are likely to change due to enterprise direction • Determine & evaluate implications of business model changes for Business Impact Analysis Implications of changing Business Model 21

  25. What Should You Do? RPO Adding Recovery Functions Better Architecture I RTO Understand Options for Implementation 22

  26. What Should You Do? Current/Future Implementation Needs $ Cost of Current/Future Implementations Adequacy of Existing DR Plan $ Cost of Existing DR Plan Balance Needs/Costs of Implementation Considerations 23

  27. DC1 ….... DC3 DC2 Redundant Technology DC Hot Site WS1 WS3 WS2 WS2 WS2 WS1 What Should You Do? Implement justifiable increments for key business lines Determine & evaluate implications of business model changes Identify Business Model elements likely to change Worksteps toward a Best Practices Vision 24

  28. Planning for the Unthinkable… Questions/Discussion 25

  29. Objective – Automation Innovation Management Balancing Process and Technology to Drive Value Planning for the Unthinkable… Dave Adolphson Management Champion Objective-AIM: Automation/Innovation/Management 483 East Oxford Road North Barrington, IL 60010 (847) 381-1516 dwa@objective-aim.com John Schladweiler Innovation Champion Schladweiler Associates, Inc. 1630 Sheridan Road, Suite 8E Wilmette, IL 60091 (847) 853-6190 John@Schladweiler.com It was a pleasure discussing Disaster Recovery & Business Continuity with you today 26

  30. Objective – Automation Innovation Management Balancing Process and Technology to Drive Value Planning for the Unthinkable… Speaker biographies Dave Adolphson: a business-oriented information technology consultant and executive, Dave has focused his career on transforming enterprises through linking information technology, with enterprise objectives. He has a strong track record of reducing total costs, delivering to demanding schedules and budgets, and achieving tangible benefits. Currently a principal of Objective-AIM, Dave has Big Five consulting experience with KPMG, and he has also held senior IT executive roles with Aon, C N A Financial, and Harris Bank. He has spoken and written on related business and information technology topics such as acquiring and retaining profitable customers, justifying investments in information technology, and extending the application of methodology to Expert Systems and web-based implementation projects. John Schladweiler: with 35 years of experience in the IT industry and a blend of vendor, client and consulting experience, he also brings a strong financial background to the assessment of business operations, including his understanding of the economics of existing and emerging technologies and how they can positively impact business opportunities and costs. His experience includes executive management roles with debis IT Services N. A., Realtors Information Network, and Harris Bank as well as engagements with financial services companies including The Equitable, Central Reserve, Chase Bank, and the Board of Trade Clearing Corporation, and also with leading and emerging technology companies, ASPs, and start-up eCommerce and application integration software companies. He serves on the Executive Committee of the Information Systems Management Forum, an organization focused on information exchange among CIO’s. CEO Counselors does research on the relationship a chief executive has with his or her direct reports.  And, we provide a process that a CEO can use to understand the root cause of what is happening. Our current research project explores the value that a business gets from investments in Information Systems and Technology.  A copy of the Survey Report is available at www.ceocounselors.com. 27

More Related