1 / 28

Disaster Recovery versus Continuity of Operations

Disaster Recovery versus Continuity of Operations. “Disaster recovery” is the process by which you resume business in the short term after a disruptive event.

william-strickland
Download Presentation

Disaster Recovery versus Continuity of Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Recovery versus Continuity of Operations • “Disaster recovery” is the process by which you resume business in the short term after a disruptive event. • "Business continuity planning" is a more comprehensive approach to making sure the organization continues to keep operating and making money. • Disaster recovery could be considered a sub-part of continuity of operations. • Both apply across a range from an earthquake to a computer virus attack.

  2. Business continuity actions • Mitigation: Something done to reduce the likelihood of occurrence and the severity of the loss • Avoidance: Actions taken to eliminate the event from occurring • Transference: Shift the risk to a third party

  3. Federal Government Continuity of Operations Plan (COOP) • FPC-65 describes the planning considerations and requirements for COOP plans. • FPC-65 requires that all Federal Executive Branch agencies must: • Be capable of implementing their COOP plans with and without warning. • Be operational not later than 12 hours after activation. • Be capable of maintaining sustained operations for up to 30 days. • Include regularly scheduled testing, training, and exercising of personnel, equipment, systems, processes, and procedures used to support the agency during a COOP event. • Provide for a regular risk analysis of current alternate operating facilities. • Locate alternate facilities in areas where the ability to initiate, maintain, and terminate COOP is optimal. • Take advantage of existing agency field infrastructures and give consideration to other options, such as telecommuting, work-at-home, and shared facilities.

  4. Business Continuity Plans • Plans that enable your company to operate at possibly reduced levels during and immediately following a disaster.

  5. Steps in Planning • To build a disaster recovery plan, the following steps should be taken: • Identify critical assets • Identify risks to the assets • Determine the likelihood of the threat and reduce it • Steps to minimize damage • Response actions

  6. Contingency Plan Coordination • Designated person to coordinate the contingency plan • Adequate knowledge and knowledge to implement the plan • Select a team to develop and implement the plan • Finance • Legal • Safety • Production • Administration

  7. Business Impact Analysis • A business impact analysis (BIA) is the first step in developing a BCP. It should include: • Identification of the potential impact of uncontrolled, non-specific events on the institution's business processes and its customers; • Consideration of all departments and business functions, not just data processing; and • Estimation of maximum allowable downtime and acceptable levels of data, operations, and financial losses.

  8. Business Impact Analysis • As part of a disaster recovery plan, BIA is likely to identify costs linked to failures, such as loss of cash flow, replacement of equipment, salaries paid to catch up with a backlog of work, loss of profits, and so on. • A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. • The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance.

  9. Risk Assessment • Combined likelihood and severity of the event • Tangible losses • Costs that can be readily quantified • Lost productivity • Lost income • Extra expenses • Property damage • Intangible losses • Costs related to the event but hard to quantify • Lost business opportunities • Damaged reputation

  10. Examples of Risk Assessments • Tornadoes • Earthquakes • Thunderstorms • Snows • Extreme thunderstorms • Hurricanes • Floods

  11. Potential Manmade Risks • Maps of hazardous materials routes • Locations of hazardous facilities • Pipelines • Railroads • Dams • Rivers

  12. Facility Risks • Electricity • Telephones • Water • Climate control • Data networks • Structural

  13. Security Risks • Workplace violence • Bomb threats • Physical security of property • Sabotage • Intellectual property thefts

  14. Medical Threats • Illness • Deaths • Serious accidents

  15. Factors that can Affect Risks • Time of day • Day of the week • Location

  16. COOP Elements • Elements that make a COOP plan viable, include: • Essential functions. • Delegations of authority. • Succession planning. • Alternate facilities. • Interoperable communications. • Vital records and databases. • Human capital. • Testing, training, and exercise program. • Plans for devolution and reconstitution.

  17. COOP Plans • COOP planning objectives include: • Ensuring continued performance of essential functions. • Reducing loss of life and minimizing damage. • Ensuring succession to office of key leaders. • Reducing or mitigating disruptions to operations. • Protecting essential assets. • Achieving a timely recovery and reconstitution. • Maintaining a test, training, and exercise program for program validation.

  18. FEMA’s COOP Elements • Elements that make a COOP plan viable, include: • Essential functions • Delegations of authority • Succession planning • Alternate facilities, communication systems • Vital records and databases • A test, training, and exercise program • Plans for devolution and reconstitution

  19. Essential Functions • Essential functions are those functions that allow the organization to provide vital services • Essential functions are those functions which must continue to be provided without interruption

  20. Delegations of Authority • Delegations should be predetermined and documented in writing. They should state explicitly: • What authorities are delegated. • To whom. • Exceptions to the successor’s authority to redelegate. • Limitations on the delegated authority.

  21. Succession Planning • Order of Succession provides an orderly transition of power in the event of an emergency • Orders of succession should be established management, supervisors, etc. who are responsible for performing essential functions

  22. Alternate Facilities, Communications • In the event of a disaster, arrangements for alternate facilities should be identified beforehand • Arrangements should be made ahead of time to ensure communication systems can be brought back up and operational with limited interruptions

  23. Vital Records • In the event of a disaster, loss of data and loss of records may occur • Provisions and procedures should be made in advance to ensure back up copies are made and available • Examples of these records include legal records, financial records, etc.

  24. Tests • From a COOP perspective, tests are an excellent way to evaluate functions such as: • Communications connectivities. • Alert and notification procedures. • Deployment procedures.

  25. Training • Training is instruction in core competencies and skills and is the principal means by which individuals achieve a level of proficiency • Provides the tools needed to accomplish a goal, meet program requirements, or acquire a specified capability. • Training encompasses a range of activities, each intended to provide information and refine skills.

  26. Exercises • Exercises are events that allow participants to apply their skills and knowledge to improve operational readiness. • Exercises also allow planners to evaluate the effectiveness of previously conducted tests andtraining activities.

  27. Devolution • Devolution is the capability to transfer statutory authority and responsibility for essential functions from an agency’s primary operating staff and facilities to other employees and facilities.

  28. Reconstitution • Reconstitution is the process by which agency personnel resume normal agency operations from the original or a replacement primary operating facility.

More Related