Business Continuity

“Drive thy business or it will drive thee.” — Benjamin Franklin (1706-1790), American entrepreneur, statesman, scientist and philosopher

“It is your business when the wall next door catches fire.” — Horatius (65-8 BC), Roman poet

What is a Disaster?
Any unplanned event that requires immediate redeployment of limited resources

Sample Disasters
• Natural Forces
  • Fire
  • Environmental Hazards
  • Flood / Water Damage
  • Extreme Weather
• Technical Failure
  • Power Outage
  • Equipment Failure
  • Network Failure
  • Software Failure
• Human Interference
  • Criminal Act
  • Human Error
  • Loss of Users
  • Explosions

What is a Disaster Recovery Plan?
A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed-upon incidents

• business continuity plan: documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption
• disaster recovery plan: clearly defined and documented plan which recovers ICT capabilities when a disruption occurs
• business impact analysis (BIA): process of analysing business functions and the effect that a business disruption might have upon them

The Auditor’s Role in Reviewing Business Continuity Planning, Ravi Muthukrishnan
• While a BCP refers to the activities required to keep the organisation running during a period of displacement or interruption of normal operation, a disaster recovery plan (DRP) is the process of rebuilding the operations or infrastructure after the disaster has passed.
• A DRP is a key component of a BCP, and refers to the technological aspect of a BCP—the advanced planning and preparations necessary to minimise loss and ensure continuity of critical business functions in the event of a disaster. A DRP comprises consistent actions to be undertaken prior to, during and subsequent to a disaster.

Terms and definitions
• maximum tolerable period of disruption: duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed
• recovery time objective: period of time within which minimum levels of services and/or products and the supporting systems, applications, or functions must be recovered after a disruption has occurred
• recovery point objective: point in time to which data must be recovered after a disruption has occurred

Types of Strategies
• Avoidance Strategy
  • Redundant configuration to avoid incidents
  • Site harden facilities to resist incidents
  • Redundant utilities and hardware
  • Automated operation recovery plan
• Mitigation Strategy
  • Early warning detection
  • Contractual agreements with vendors
  • Mirrored data and documents
  • Detailed migration recovery plan
• Recovery Strategy
  • High level recovery plan
  • Off-site data storage
  • Very responsive vendor relationships
  • Very knowledgeable employees

Types of Strategy Options
• Hot site
• Cold site
• Self Backup
• Service Bureau
• Reciprocal Agreement

Criteria for a Critical Business Function
• Timing Requirements
  • Minutes
  • Hours
  • Days
  • Weeks
  • Quarters
• Special Situations

Cost of Control vs. Impact
[Figure: Cost of Control vs. Impact; labels: Cost of Impact ($), Cost of Control ($), Impact Cost]

Wide Area Clustering Site Migration Failover Replication