Business Continuity / Disaster Recovery from a Business Perspective Dan Esser, CBCP, FLMI 109 Haywood Ct. Columbia, MO 65203 573-234-2948 DEsser5@aol.com
Not just Computer Back-Up • IT functionality - limited usefulness if the rest of the business is not present. • Today’s primary discussion - non-IT functionality.
What you get to take with you • An overview of BCP Structure and Techniques. • A set of questions you can ask in your business to help you gauge preparedness. • Some Tools and Resources that may be useful.
Disaster Fact • Out of every FIVE businesses that suffer a major disaster, • TWO will never reopen and • A THIRD will fail within 2 years. [DRI International]
BCP Like Life Insurance? • Uses up resources. • Only pays off if something bad happens. • Costs every year - Never Finished
Kinds of Risks / Dangers • Natural • Proximity • People • Environmental
Natural Risks • Earth • Wind • Fire • Water
Proximity Risks • Government Buildings • Airports / Heliports • Industries using Chemicals or Flammables • Trains • Highways
Risks from People • Disease • Bomb Threats • Workplace Violence • Cyber Attacks
Environmental Risks • Asbestos • PCBs • Mold / Sick Building Syndrome • Piled up Paper • Ongoing Construction
BCP as Advance Planning • Business Continuity Planning is at least partially the art of making all the decisions that can be made in advance of a disaster.
BCP - Four Major Components • Life/Safety Plan • Business Impact Analysis (BIA) • Emergency Management & Response (EM & R) • Departmental Recovery
RTOs, RPOs & Declaration [Timeline diagram; labels as extracted: Info Tech RTO, Catch-up Processing, Disaster Event, Disaster Declaration, Department RTO, GAP, Reconstruct WIP & Lost Stockpiled Transaction Input, Normal Business Activities, Pre-Processing Opportunity]
How Important is Information Technology? • If you can only afford to protect one thing in your business, protect your data. You will not recover without it. • Just don't expect that alone to save you from a disaster.
Functionality is the Issue • A business must regain process functionality. • Computers are just a tool. • They make things faster, but they are not the business.
Scenario • You are a Progressive Organization. • Your Data is Backed up and Off Site - Daily. • You can Recover from any Disaster that Dares to hit you.
NOT Scenario • You are a Progressive Organization. • Your Data is Backed up and Off Site - Daily. • You can Recover from any Disaster that Dares to hit you.
Scenario - 2 • A disaster event – fire, flood, anthrax, something – has made your primary business location unusable, either permanently, or for a long time…
Good News - Maybe • You already have the answers. • Here are some of the questions to assist your planning process.
Management Organization • Where is the default meeting place for senior managers if telephones are unavailable? • Is there a succession plan if several senior managers are killed in the disaster?
Management Organization • Who would face the media and regulatory authorities? • Is he or she prepared to do so? • Is there a backup person? • Do all others know to NOT talk to the media?
Management Organization • How many days can the company be completely “down” before serious business repercussions are inevitable? (loss of customers, employees, regulatory intervention)
Notification • How would you contact employees, suppliers, key customers, etc. without access to your business records?
Infrastructure • How much space would you need and how quickly could it be acquired? • What space is available today in your city? • Who is in charge of office layout, furniture, wiring, etc. …and who backs them up if they are made unavailable by the disaster?
Resource Requirements • Who has purchasing authority? • Who is the purchasing backup? • How quickly would the company need replacement resources? Day 1, day 3, etc.? • Do you know where to get those resources in the quantities you need on a rush basis? • Have you ever tested whether or not those suppliers can deliver on a rush basis?
Resource Requirements • What custom documents and forms does the company have where the entire supply is on site? (checks, envelopes, letterhead, invoices)
Advance Agreements • Who is in charge of liaison with fire, police or other emergency authorities? • Who is his/her backup? • Have you met with those authorities to determine their protocols in emergencies and establish a liaison relationship with them?
Advance Agreements • Does the company have arrangements with its telephone carrier to place messages on inbound lines until they can be answered? • What messages will you use? • Who will the telephone carrier recognize as having the authority to institute them or make changes?
Emergency Operations • How would the company go about setting up an Emergency Operations Center? • Who would staff the EOC? • Do you have EOC supplies already off site? (Sample list in packet)
Emergency Operations • Which critical business functions need to be up and running first? • How long can functions be down before the company incurs regulatory scrutiny and penalties? • How long can functions be down before customers abandon you for another supplier? • What can you do to mitigate this?
Financial Preparation • Are emergency lines of credit in place and the authority to access them clearly delineated? • Does the company have arrangements with its bank(s) to continue repetitive payments for a short time?
Financial Preparation • Are corporate accounting records and processes backed up and documented off site? (Key people may not be available after a disaster.) • Does the company have manual disbursement procedures?
Salvage • Did you know that wet records could be freeze-dried and often saved? • Do you have an agreement with someone who does that kind of work? • Do you know who does that kind of work? (See list at end)
Salvage • Information from hard drives of smoke- or water-damaged PCs can also be retrieved by experts.
Mail • Mail handling operations are often overlooked. What would the company do about lost mail, both incoming and outgoing? • Is there a plan to get mail flowing in an orderly fashion after a disaster?
Security • How easy is it for a non-employee to get into your office today? • How would you maintain security at your primary site until salvage could be carried out?
Departmental Readiness • Who is the recovery coordinator for each department and what preparations have they made? • What are those things that each department needs that may be “below the radar” of corporate planners and not easily obtainable?
Departmental Readiness • Have the departments taken any steps to safeguard those things? – Every Department should consider what kind of problems an “off-site box” at a remote storage facility could save them.
Departmental Readiness • Has each department determined how to recover work-in-progress? • Does each department know what resources it requires to resume business operations? (How many computers, desks, chairs, file cabinets, fax machines, printers, copiers, phones, etc.?)
Departmental Readiness • How quickly would each Department need replacement resources? How much on day 1, day 3, day 5, etc.? (This is how you build the company list.)
Departmental Technology • Is the operating department responsible for replacing desktop technology or is IT? Does everyone understand that? • Have you written into your plan the minimum hardware/software configuration you require for desktop workstations?
Resources • For Clean Up / Restoration – BMS Catastrophe (www.bmscat.com) – ServiceMaster (www.servicemasterclean.com/) • Mobile Office Space / Data Centers / Equipment – Agility Recovery Solutions (www.agilityrecovery.com) – Sungard (www.sungard.com) – Rental Systems (www.rentsys.com)
Resources • Business Continuity Education and Certification – DRI International (www.drii.org) • Professional Journals (Articles and links to vendors) – Disaster Recovery Journal (www.drj.com) – Contingency Planning & Management (www.contingencyplanning.com)
Resources • Workplace Violence Resources – Occupational Safety & Health Administration (http://www.osha.gov/SLTC/workplaceviolence/) – National Institute for Occupational Safety and Health (http://www.cdc.gov/niosh/violcont.html) – Minnesota Department of Labor & Industry, Workplace Violence Prevention Resources (http://www.doli.state.mn.us/violence.html) – USDA Handbook on Workplace Violence Prevention and Response (http://www.usda.gov/news/pubs/violence/wpv.htm)