310 likes | 635 Views
Disaster Recovery (Business Continuity Planning) Tim Babco. AGENDA. What is BCP? Key BCP Components How to Implement? How to Maintain? Effort Required Value Obtained Q&A. Who is Poolcorp?.
E N D
AGENDA • What is BCP? • Key BCP Components • How to Implement? • How to Maintain? • Effort Required • Value Obtained • Q&A
Who is Poolcorp? • World’s largest distributor of swimming pool supplies, equipment and related leisure products • ~$2 billion in revenues • >3,600 employees; 285 locations; 8 countries • >100,000 products • >70,000 customers • Headquartered in Covington, Louisiana Headquarters in “Hurricane Alley”
What is BCP? • Task of identifying, developing, acquiring, documenting, and testingprocedures and resources that will ensure continuity of a firm's key operations in the event of an accident, disaster, emergency, and/or threat. It involves: • Risk mitigationplanning (reducing possibility of the occurrence of adverse events) • Business recovery planning (ensuring continued operation in the aftermath of a disaster) Keep the business running successfully
What is BCP? • Business Continuity Planning (BCP) and Disaster Recovery (DR) are often used synonymously • Continuum: Enterprise Individual • Corporate functions • Remote locations • Succession Planning • Prevent and Recover Keep the business running successfully
Key BCP Components • Needs assessment • Employees • Communications • IT Infrastructure • Recovery site logistics • Third party information • Supplies • Pre-event protection steps • Trigger points • Municipal, state, federal interaction and updates Many important facets
Needs Assessment • RTO – Recovery Time Objective • Amount of down time for each critical function before outage threatens company survival • RPO – Recovery Point Objective • How old can the data be before it is so out of date that recreation is not practical or possible • Consider Time of Year, Month, etc. • Economic Benefit • Cost of protection vs. cost of down time • Hard costs and opportunity costs Clearly define what’s important
Employees • Current and complete contact information Know how to reach employees
Employees • Current and complete contact information Employees know key BCP contacts
Employees • Personal BCP plan • Home • Belongings • Immediate family members • Extended family members • Pets, livestock Employees can’t be productive if worried about personal items
Employees • Roles • Executive team • Make decisions • Delegations of authority • Communications team • Internal • External Execute quickly and correctly
Employees • Roles • Core team • Coordinate detailed plan execution • Tiered response teams • Tier 1 – IT only; sent when disaster impact predicted • Tier 2 – Employees with critical functions; sent when disaster impact is imminent • Tier 3 – Important functions; work better as group; sent after significant impact realized • Tier 0 – Can work remotely as situation unfolds Avoid the scattered workforce
Communications • Voice • Potential issues • Land lines may be out • Cell phones may be out • Solutions • Satellite phones • Private 2-way radios • IP telephony virtual phone system • Call centers • Key support teams • High risk locations Ability to verbally communicate
Communications • Voice • Dedicated toll-free BCP lines • Employee information line • Command conference line • Regularly scheduled, daily conferences Ability to verbally communicate
Communications • Data • Choose the right circuit provider • Have redundant data circuits • Different providers; different routes • Broadband wireless capabilities Ability to access business systems
Communications • Data • Portable satellite systems Ability to access business systems
Communications • Messaging • Text messaging • E-mail • Web access from anywhere • BCP web site – externally hosted Remotely connect & send/receive updates
IT Infrastructure • Backup power – Battery, Generator and fuel • Offsite tape rotations (e.g. Iron Mountain) • Low risk data center location • Redundant data centers • Co-location • Cold failover facility (e.g. Sungard) • Full mesh network Just like insurance policies
IT Infrastructure PoolCorp Global Wide Area Network High speed, secure access from anywhere
IT Infrastructure • Choose good partners • Corporate grade equipment and solutions • High reliability • Fast response time • Available technical support staff • Cost competitive • Willingness to go “above and beyond” Only as good as the weakest link
Recovery Site Logistics • Central command/recovery center • Wireless • Size • Proximity From chaos to recovery in hours
Recovery Site Logistics • Laptops for key employees • Remote connectivity (VPN) • Transportation • Housing – hotels, apartments • Childcare • Schools • Kennels (house hold pets only) • Expense reporting • Cash advances Employees can quickly be productive
Third Party Information • Vendors • Consultants • Financial institutions • Investors • Governmental agencies • Media • Board members Fast access to key parties
Supplies • First aid • Portable generators • Extension cords • Flashlights and batteries • Tarps • Tools (e.g. chain saws) • Ice coolers • Bottled water and non-perishable food • Energy drinks Ability to ride out DR events
Pre-event Protection Steps • Full equipment inventory • Protect equipment and information • Unplug electronics • Move electronics off of floor • Safeguard important paperwork • Close blinds and doors • Take critical items if planned evacuation • Focus on safety if unplanned event Attempt to minimize loss
Trigger Points • Define for all predictable events • Example: 9-step hurricane process • Storm enters gulf • Projections converge with New Orleans in cone • Within 4 days of landfall; still in cone • Within 3 days of landfall; still in cone • Within 50 hrs of landfall; still in cone; material impact imminent • Within 40 hrs of landfall; still in cone; material impact imminent • Within 30 hrs of landfall; still in cone; material impact imminent • Next 36 hrs during/after storm • Authorities give “all clear” to return home Know what to do and when to do it
Municipal, State, Federal Interaction • Participate in municipal DR planning/testing • Get to know local and state officials • Know evacuation routes • Placards to re-enter impact areas Take advantage of available help
How to Implement • Start with basics • Focus on critical systems, functions, people • Use available “free” help and templates • Hire consultants if needed • Train and communicate • Annual testing • Validation of tape backups • Failover to backup facility • User validation • Signed acceptance forms Audit Create Update Test Don’t be overwhelmed
Effort Required • 300-400 hours can get you started • 100-200 hours annually to test/audit • 100-200 hours annually to enhance/update • 5 person “core team” • Senior Management Sponsor • Project manager • Tech writer • IT manager • Logistics/facilities coordinator It can be a reasonable effort
Value Obtained – Basic BCP Plan • Creating the initial plan: $15-20K • Annual updates and testing: $10-20K • Annual infrastructure costs: $200K • Peace of mind during a disaster: Priceless The best insurance policy you’ll ever buy!
QUESTIONS ? QUESTIONS ? Tim Babco(985)801-5230tim.babco@poolcorp.com