Learn about disaster recovery plans, business continuity strategies, and the role of auditors in reviewing business continuity planning. Explore different types of strategies to ensure operational resilience in the face of various disasters.
Business continuity...

“Drive thy business or it will drive thee.” —Benjamin Franklin (1706-1790), American entrepreneur, statesman, scientist and philosopher

“It is your business when the wall next door catches fire.” —Horatius (65-8 BC), Roman poet
What is a Disaster?
Any unplanned event that requires immediate redeployment of limited resources.

Sample Disasters
• Natural Forces
  • Fire
  • Environmental Hazards
  • Flood / Water Damage
  • Extreme Weather
• Technical Failure
  • Power Outage
  • Equipment Failure
  • Network Failure
  • Software Failure
• Human Interference
  • Criminal Act
  • Human Error
  • Loss of Users
  • Explosions
What is a Disaster Recovery Plan?
A management document describing how and when to utilize the resources needed to maintain selected functions when they are disrupted by agreed-upon incidents.
Terms and definitions
• business continuity plan: documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption
• disaster recovery plan: clearly defined and documented plan which recovers ICT capabilities when a disruption occurs
• business impact analysis (BIA): process of analysing business functions and the effect that a business disruption might have upon them
From “The Auditor’s Role in Reviewing Business Continuity Planning”, Ravi Muthukrishnan:
• While a BCP refers to the activities required to keep the organisation running during a period of displacement or interruption of normal operation, a disaster recovery plan (DRP) is the process of rebuilding the operations or infrastructure after the disaster has passed.
• A DRP is a key component of a BCP, and refers to the technological aspect of a BCP—the advanced planning and preparations necessary to minimise loss and ensure continuity of critical business functions in the event of a disaster. A DRP comprises consistent actions to be undertaken prior to, during and subsequent to a disaster.
Terms and definitions
• maximum tolerable period of disruption (MTPD): duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed
• recovery time objective (RTO): period of time within which minimum levels of services and/or products and the supporting systems, applications, or functions must be recovered after a disruption has occurred
• recovery point objective (RPO): point in time to which data must be recovered after a disruption has occurred
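A worked check of these three terms, added here as an example and not taken from the original slides: it assumes a constructed scenario (6-hourly backups, a 1 h RPO, a 4 h RTO, a 24 h MTPD) and a single disruption, then measures the data-loss window and downtime against each objective.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class RecoveryObjectives:
    mtpd: timedelta  # maximum tolerable period of disruption
    rto: timedelta   # recovery time objective
    rpo: timedelta   # recovery point objective (largest acceptable data-loss window)

    def is_consistent(self) -> bool:
        # An RTO longer than the MTPD can never be met without threatening viability.
        return self.rto <= self.mtpd


def last_backup_before(backups, disruption_start):
    """Most recent completed backup at or before the disruption: the recovery point."""
    candidates = [b for b in backups if b <= disruption_start]
    return max(candidates) if candidates else None


def evaluate_disruption(objectives, backups, disruption_start, service_restored):
    """Measure one disruption against the agreed objectives.

    data_loss_window: time between the usable recovery point and the disruption.
    downtime: time between the disruption and restoration of service.
    """
    recovery_point = last_backup_before(backups, disruption_start)
    data_loss = disruption_start - recovery_point if recovery_point is not None else None
    downtime = service_restored - disruption_start
    return {
        "objectives_consistent": objectives.is_consistent(),
        "recovery_point": recovery_point,
        "data_loss_window": data_loss,
        "downtime": downtime,
        "rpo_met": data_loss is not None and data_loss <= objectives.rpo,
        "rto_met": downtime <= objectives.rto,
        "mtpd_exceeded": downtime > objectives.mtpd,
    }


def sample_assessment():
    """Constructed scenario (not from the slides): backups at 00:00, 06:00, 12:00, 18:00."""
    objectives = RecoveryObjectives(mtpd=timedelta(hours=24),
                                    rto=timedelta(hours=4),
                                    rpo=timedelta(hours=1))
    backups = [datetime(2024, 1, 1, h) for h in (0, 6, 12, 18)]
    return evaluate_disruption(objectives, backups,
                               disruption_start=datetime(2024, 1, 1, 15, 30),
                               service_restored=datetime(2024, 1, 1, 18, 0))


if __name__ == "__main__":
    for key, value in sample_assessment().items():
        print(f"{key}: {value}")
```

In the sample, service comes back within the RTO, but a 6-hourly backup schedule leaves a 3.5 h data-loss window, so the 1 h RPO is missed: the objectives drive the backup or replication frequency, not the other way round.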
Types of Strategies
• Avoidance Strategy
  • Redundant configuration to avoid incidents
  • Site-hardened facilities to resist incidents
  • Redundant utilities and hardware
  • Automated operation recovery plan
• Mitigation Strategy
  • Early warning detection
  • Contractual agreements with vendors
  • Mirrored data and documents
  • Detailed migration recovery plan
• Recovery Strategy
  • High-level recovery plan
  • Off-site data storage
  • Very responsive vendor relationships
  • Very knowledgeable employees

Types of Strategy Options
• Hot site
• Cold site
• Self Backup
• Service Bureau
• Reciprocal Agreement
Criteria for a Critical Business Function
• Timing Requirements
  • Minutes
  • Hours
  • Days
  • Weeks
  • Quarters
• Special Situations

[Chart: Cost of Control vs. Impact; axes are Cost of Control ($) and Cost of Impact ($)]
Wide Area Clustering
• Site Migration
• Failover
• Replication