DRP/ECPDisaster Recovery Plan / Enterprise Continuity Plan

Marcelo Silva

Agenda Introduction Roles of DRP/ECP The 6 Resilience Layers Training for the DRP team Choosing outside expertise to assist with

development of a DRP Developing a DRP/ECP awareness campaign Implementing a DRP/ECP awareness campaign

Introduction Why DRP/ECP? Benefits of a DRP/ECP Three vital Ingredients of a successful DRP/ECP Defensive Posture / Offensive Posture

Roles of DRP/ECP Emergency Management team (EMT) Damage Assessment Team Restoration Team Operations Team Customer Support Team Salvage/Reclamation Team Administrative Support Team

The 6 Resilience Layers1. Strategy2. Organization3. Business and IT Processes4. Data and Applications5. Technology6. Facilities and security

The 6 Resilience Layers1.StrategyStrategy is the first layer to be discussedOn this layer, the below components will be assessed and examined: Vulnerabilities Risks Competitive edge baseline organizational culture

The 6 Resilience Layers2.Organization Executive sponsor Roles, Responsibilities and Accountabilities Well defined communication protocol Cross-line-of-business linkage Skills that are critical to the company

The 6 Resilience Layers3.Business and IT ProcessA successful plan requires identify:

The minimum required functionalities during disruptive events

Alternate process/procedure that will allow operations to continue

Processes to achieve better workload balance All processes and the contingency plan must be

clear to all organization’s stakeholders Business processes that support Virtual, flexible and

distributed workplaces

The 6 Resilience Layers4.Data and Applications Good, valuable and reliable information Data and Application diversification Architectures standardization Ensure performance, availability and scalability

The 6 Resilience Layers5.Technology

Technology components when planning resiliency: Hardware architecture System software Middleware Networks Security Solutions

Levels of availability that should be aligned to the resiliency objectives: Reliability Redundancy Failover

The 6 Resilience Layers6.Facilities and SecurityLevel of the enterprise’s facilities: Environment considerations Geographical location Dispersion Security Access (Physical and logical security) Power protection Heating and cooling

The 6 Resilience LayersExamples1. Strategy

The university position in comparison to others2. Organization

Executive support3. Business and IT Processes

IT Processes changing4. Data and Applications

SharePoint Server for all data – Diversification is required5. Technology

No additional Exchange or SharePoint server6. Facilities and security

Eminent power outage in case of disaster

Training for the DRP team Risk evaluation and control Business impact analysis Emergency response and operations Incident management Developing and implementing DRP/ECPs Maintaining and exercising BCPs Public relations, media and crisis communication

Choosing outside expertise to assist with development of a DRPConsultant that: Acts as a facilitator whenever it is appropriate Produces solid lasting solutions Understands and acts to further the client’s mission Only makes promises when they can be kept Minimizes dependency of the client on the consultant Encourages the client’s competence, confidence and commitment Works with the client on the problem solution Focuses on the relationship with the client and technical problems Doesn’t take on any of the client’s responsibilities.

Developing a DRP/ECP awareness campaign Establish goals and Components Define the training/awareness method Identify the target / audience Implementing the awareness program

Implementing a DRP/ECP awareness campaign Include DRP/ECP in the New Hire Orientation Formal training Awareness seminars and Brown bag sessions Newsletter and Intranet DRP/ECP quizzes

References Hiles, A. (2007). The Definitive Handbook of Business Continuity

Management, Second Edition. John Wiley & Sons. Hiles, A. (2011). The Definitive Handbook of Business Continuity

Management, Third Edition. John Wiley & Sons. Goble, G., Fields, H., & Cocchiara, R. (2002). Resilient Infrastructure:

improving your business resilience. IBM Global Services. Maiwald, E., & Sieglein, W. (2002). Security Planning & Disaster

Recovery. Berkeley, CA: McGraw-Hill/Osborne. BS 25999-1 (2006). Business Continuity Management - Code of Practice.

BSI. BS 25999-2 (2007). Business Continuity Management - Specification. BSI.