Disaster Recovery Plan / Enterprise Continuity Plan (DRP/ECP)
Marcelo Silva

Agenda
- Introduction
- Roles of DRP/ECP
- The 6 Resilience Layers
- Training for the DRP team
- Choosing outside expertise to assist with development of a DRP
- Developing a DRP/ECP awareness campaign
- Implementing a DRP/ECP awareness campaign

Introduction
- Why DRP/ECP?
- Benefits of a DRP/ECP
- Three vital Ingredients of a successful DRP/ECP
- Defensive Posture / Offensive Posture

Roles of DRP/ECP
- Emergency Management Team (EMT)
- Damage Assessment Team
- Restoration Team
- Operations Team
- Customer Support Team
- Salvage/Reclamation Team
- Administrative Support Team

The 6 Resilience Layers
1. Strategy
2. Organization
3. Business and IT Processes
4. Data and Applications
5. Technology
6. Facilities and security

The 6 Resilience Layers: 1. Strategy
Strategy is the first layer to be discussed. On this layer, the components below are assessed and examined:
- Vulnerabilities
- Risks
- Competitive edge baseline organizational culture

The 6 Resilience Layers: 2. Organization
- Executive sponsor
- Roles, Responsibilities and Accountabilities
- Well defined communication protocol
- Cross-line-of-business linkage
- Skills that are critical to the company

The 6 Resilience Layers: 3. Business and IT Processes
A successful plan requires identifying:
- The minimum required functionalities during disruptive events
- Alternate process/procedure that will allow operations to continue
- Processes to achieve better workload balance
- All processes and the contingency plan must be clear to all of the organization’s stakeholders
- Business processes that support virtual, flexible and distributed workplaces

The 6 Resilience Layers: 4. Data and Applications
- Good, valuable and reliable information
- Data and Application diversification
- Architectures standardization
- Ensure performance, availability and scalability

The 6 Resilience Layers: 5. Technology
Technology components when planning resiliency:
- Hardware architecture
- System software
- Middleware
- Networks
- Security Solutions
Levels of availability that should be aligned to the resiliency objectives:
- Reliability
- Redundancy
- Failover

The 6 Resilience Layers: 6. Facilities and Security
Level of the enterprise’s facilities:
- Environment considerations
- Geographical location
- Dispersion
- Security Access (Physical and logical security)
- Power protection
- Heating and cooling

The 6 Resilience Layers: Examples
1. Strategy
   - The university position in comparison to others
2. Organization
   - Executive support
3. Business and IT Processes
   - IT Processes changing
4. Data and Applications
   - SharePoint Server for all data – Diversification is required
5. Technology
   - No additional Exchange or SharePoint server
6. Facilities and security
   - Imminent power outage in case of disaster

Training for the DRP team
- Risk evaluation and control
- Business impact analysis
- Emergency response and operations
- Incident management
- Developing and implementing DRP/ECPs
- Maintaining and exercising BCPs
- Public relations, media and crisis communication

Choosing outside expertise to assist with development of a DRP
Consultant that:
- Acts as a facilitator whenever it is appropriate
- Produces solid lasting solutions
- Understands and acts to further the client’s mission
- Only makes promises when they can be kept
- Minimizes dependency of the client on the consultant
- Encourages the client’s competence, confidence and commitment
- Works with the client on the problem solution
- Focuses on the relationship with the client and technical problems
- Doesn’t take on any of the client’s responsibilities

Developing a DRP/ECP awareness campaign
- Establish goals and Components
- Define the training/awareness method
- Identify the target / audience
- Implementing the awareness program

Implementing a DRP/ECP awareness campaign
- Include DRP/ECP in the New Hire Orientation
- Formal training
- Awareness seminars and Brown bag sessions
- Newsletter and Intranet
- DRP/ECP quizzes