the 13th annual continuity insights management conference · pdf file•a brief description...
TRANSCRIPT
An IT Application RTO Comparative Analysis Across 12 Industries
Session D5 – 11 AM, Monday, April 20, 2015
Robert S. Emmel, Ph.D. – Accenture COAP, CBCP, CBCV, AFBCI, CHS-III © Copyright 2015 Accenture
The 13th Annual Continuity Insights
Management Conference
Presented by: Continuity Insights
April 20-22, 2014 Talking Stick Resort ● Scottsdale, AZ
Next Generation Resilience
13th Annual Continuity Insights Management Conference: Next Generation Resilience
2
Introduction
• This document presents a comparative study of client IT application RTOs to potentially assist an organization in identifying, comparing and/or quantifying their IT application RTOs.
• This comparative analysis study presents actual rationalized IT application RTOs from 12 clients, each representing a different industry in comparison to an overall average RTO timeline “spread” from the combined IT application BIA RTO data of 44 additional clients.
• The goal of the study was to determine if there was a relationship between a company’s industry and the timing and “spread” of their IT application RTOs.
3
Study Approach
13th Annual Continuity Insights Management Conference: Next Generation Resilience
• 44 client BIAs representing multiple industries were randomly selected and reviewed to determine if there was a clear view to each of the organization’s IT application RTOs. • RTO results from the 44 clients were then combined to determine a “loose” overall average
of IT application RTOs across 18 time periods (i.e., from 0 – 1 hour to 30 days). • In some instances, client IT application RTOs were grouped with the closest and most
appropriate of the 18 time periods within the study to facilitate easier comparisons (e.g., an 84-hour RTO was grouped with the study’s 96-hour versus 72-hour RTO). • 12 additional clients were then selected to compare their IT application RTOs to the “loose”
average of the 44 client industry average. •A comparative analysis was performed and reflected in two charts for each client’s IT
application RTO “spread” in comparison with those from the combined 44 client average. •A brief description of a client’s RTO findings adjoins the client’s charts.
• Client names were omitted from the study.
4
Study Approach (cont.)
13th Annual Continuity Insights Management Conference: Next Generation Resilience
IT application RTO data for this study was drawn from BIAs performed across 44 clients representing multiple industries.
Bank - Foreign
Bank - National
Beverage Can Manufacturer
Brewery - Foreign
Cellular Communications Provider
Chemical Processor - Global
College - Small
Computer Services
Direct Mail Catalogue - Women's Apparel
Environmental Controls - Global
Financial Lending Services
Government - Foreign
Government - State
Healthcare Insurance Provider
Healthcare Provider - Regional
Paper Products - Global
Pharmaceuticals - Global
Professional Services Firm - Global
Restaurant and Entertainment
Retailer - Food
U.S. Government Corporation
Utility, Electric - Foreign
Utility, Electric - Regional
Airline Reservations
Bank - International
Bank - International
Bank - National
Communications Manufacturer - Global
Communications Manufacturer - Global
Communications Provider - 4G
Credit Card Processor
Distribution - Mail and Package
Energy - Downstream
Energy - Upstream/Downstream
Government - State
Healthcare Provider - Regional
Healthcare Provider - Regional
Media and Entertainment
Pharmaceutical Manufacturer - Global
Public School System - Large
Retailer - Electronics
Software Developer
Utility, Electric - Regional
Utility, Water - Regional
5
Study Approach (cont.)
13th Annual Continuity Insights Management Conference: Next Generation Resilience
The 12 clients selected for comparison purposes represented the following industries:
• Airline Reservations • Communications • Consumer Products • Electric Utility • Energy • Financial Services
• Healthcare • Manufacturing (High Tech) • Media • Mobile Communications • Natural Resources • Retail
• 0 – 1 hour • 1 – 2 hours • 2 – 4 hours • 4 – 8 hours • 8 – 12 hours • 12 – 24 hours • 24 – 36 hours • 36 – 48 hours • 72 hours
• 4 days • 5 days • 6 days • 7 days • 10 days • 14 days • 15 days • 21 days • 30 days
The timeframes selected for RTO placement and comparison purposes included:
6
Data Presentation Format – Example Charts
• Two charts were developed for each industry grouping represented in the RTO comparative study:
‒ Percentage (%) of IT applications recovered by RTO (see upper chart) as compared to the combined industry percentage (%)
‒ Cumulative percentage (%) of IT application recovery by RTO showing progression of the overall application recovery process versus the combined industry percentage (see lower chart)
• The “rust” bars within each chart represent the percentage (%) of IT applications recovered by RTO time period within the combined industries.
• The “gray” bars within each chart represent the current recovery rate of client IT RTOs.
13th Annual Continuity Insights Management Conference: Next Generation Resilience
Percentage of Applications Recovered by RTO (combined industries) % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO (combined industries) % of
Applications
RTO Timeframes
Combined industries % Client %
Combined industries % Client %
7
RTOs by Client – Airline Reservations
13th Annual Continuity Insights Management Conference: Next Generation Resilience
Percentage of Applications Recovered by RTO – Airline Reservations % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Airline Reservations % of
Applications
RTO Timeframes
• This industry’s overarching goals are the accurate and timely maintenance of a traveler’s reservation, ticketing, baggage handling/routing, commerce and scheduling experience so a traveler arrives safely at their destination and is not stranded along the way.
• Tiering within the IT application recovery process is easily identified:
‒ Tier 1 recovery activities typically focus on ticketing, scheduling, fare collection and baggage handling with an RTO of 2 – 4 hours
‒ Tier 2 recovery activities encompass the restoration of back-office support applications within an RTO 12 – 24 hours
• All applications are targeted to be completely recovered and operational within 12 – 24 hours of an IT outage.
Combined industries % Client %
Combined industries % Client %
8 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Communications
Percentage of Applications Recovered by RTO – Communications % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Communications % of
Applications
RTO Timeframes
• In an IT outage situation, this industry’s primary goal is to get back-office support as well as call tracking, routing and payment capabilities “up” as soon as possible.
• Recovery tiering is not readily identifiable from an overall industry view.
‒ The size of the particular company within the industry does make somewhat of a difference in application RTOs.
‒ Larger organizations typically recover applications more quickly (e.g., faster than 24 – 36 hours)
• Irrespective of company within this industry, the vast majority of applications (approximately 98.5%) are recovered within five (5) days.
Combined industries % Client %
Combined industries % Client %
9 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Consumer Products
Percentage of Applications Recovered by RTO – Consumer Products % of
Applications
Cumulative Percentage of Apps Recovered by RTO – Consumer Products % of
Applications
RTO Timeframes
• From a consumer products perspective, an IT outage typically impacts headquarters functionality before individual manufacturing plant locations are affected.
• Plant locations have their own IT processing capabilities and can potentially function for up to five (5) days without HQ-refreshed product manufacturing, inventory or shipping information.
• As these graphs represent a single company within the Consumer Products industry, recovery Tiering is easily identified: ‒ Tier 1 applications (e.g., SAP, Manugistics,
Exchange, etc.) are recovered within five (5) days.
‒ Tier 2 applications (e.g., Hyperion, Brand websites, etc.) are recovered within 14 days.
‒ Tier 3 applications (e.g., employee self-service, SharePoint, WebSphere, etc.) are recovered within 21 days.
RTO Timeframes
Combined industries % Client %
Combined industries % Client %
10 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Electric Utility
RTO Timeframes
Percentage of Applications Recovered by RTO – Electric Utility % of
Applications
Cumulative Percentage of Apps Recovered by RTO – Electric Utility % of
Applications
RTO Timeframes
• When an electrical utility’s main IT environment goes down, the individual power generation plants are not typically impacted as each plant has a separate IT environment just for that facility. (That doesn’t mean, however, that plant IT capability is not connected to the primary data center for relevant data.)
• In an IT outage situation, one of this industry’s primary goal is to get power trading systems back online in as little as one (1) hour following an IT disruption.
• Similarly, as can be seen from the upper graph, approximately 70% of the business management applications are to be recovered within a 4 – 8 hour timeframe, with the majority of the remaining applications (26.53%) recovered within 12 – 24 hours of an IT disruption.
Combined industries % Client %
Combined industries % Client %
11 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Energy
RTO Timeframes
Percentage of Applications Recovered by RTO – Energy % of
Applications
Cumulative Percentage of Apps Recovered by RTO – Energy % of
Applications
RTO Timeframes
• Similar to headquarters/plant data center strategies in other industries, upstream and downstream oil processing facilities are typically not impacted by a primary data center outage at an Energy industry headquarters location.
• In an IT outage situation, this industry’s primary goal is to get business management support applications (e.g., SAP, etc.) “up and running” within the first 8 – 12 hours (if not sooner) following an IT outage.
• Recovery tiering is readily identifiable from an overall industry view.
• Irrespective of companies within this industry
study, all applications are recovered within seven (7) days.
Combined industries % Client %
Combined industries % Client %
12 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Financial Services
Cumulative Percentage of Apps Recovered by RTO – Financial Services % of
Applications
RTO Timeframes
Percentage of Applications Recovered by RTO – Financial Services % of
Applications
RTO Timeframes
• Overall, this industry prides itself on being able to quickly (i.e., within a couple of hours) recover the majority of its IT and data center capabilities in the event of a disastrous data center interruption.
• Of all the Financial Services industry clients within this study, this one client example is provided to highlight a relatively “slow” data center recovery capability.
• The client is a very large retail and commercial financial services firm in Europe, and a large commercial bank within the boundaries of the U.S.
• Upon a data center outage scenario in the headquarters location in the Northeast U.S., the recovery data center (which resides in a co-location facility in the Southwest U.S. and primarily “runs” in an active/passive mode) can restore approximately 68% of production data center operations (e.g., trading, brokerage, loans, etc.) within 2 – 4 hours of a disaster event.
Combined industries % Client %
Combined industries % Client %
13 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Healthcare
RTO Timeframes
Percentage of Applications Recovered by RTO – Healthcare % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Healthcare % of
Applications
• The Healthcare industry focuses on recovering critical patient care IT applications within 8 – 24 hours of a data center outage.
• However, the Healthcare industry also is typically supported by proven departmentally-based manual procedures in the event of an extended IT or facility power outage.
• Recovery tiering is somewhat readily identifiable in the upper chart:
‒ Tier 1 applications (e.g., critical patient care – McKesson, Cerner, testing, imaging, etc.) are typically recovered within 4 – 24 hours of an IT event
‒ Tier 2 applications (i.e., non-emergency care) within 72 hours
‒ Tier 3 applications (i.e., billing, pharmacy, (some) medical records, etc.) after five days
Combined industries % Client %
Combined industries % Client %
14 13th Annual Continuity Insights Management
Conference: Next Generation Resilience
RTOs by Client – Manufacturing (High Tech)
RTO Timeframes
Percentage of Applications Recovered by RTO – Mfg (High Tech) % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Mfg (High Tech) % of
Applications
• Within the Manufacturing industry there are multiple data center strategies whereby the various plants will either share all or part of IT processing capabilities with the primary (e.g., headquarters) data center, or each plant can function in a standalone fashion with hourly/daily updates from HQ.
• Data from the upper chart highlights an example of a manufacturer that shares primary and plant IT capabilities, and recovers approximately 88% of their overall IT data center processing capabilities (e.g., Tier 1 applications - SAP, PeopleSoft, logistics, materials management, sales, etc.) within 24 hours of a data center disaster event.
• Tier 2 applications such as inventory management, Siebel and reporting within 72 hours of a data center disaster event.
• The remaining (Tier 3) applications (e.g., legal, training, and certification, etc.) are recovered within five (5) days.
Combined industries % Client %
Combined industries % Client %
13th Annual Continuity Insights Management Conference: Next Generation Resilience
15
RTOs by Client – Media
RTO Timeframes
Percentage of Applications Recovered by RTO – Media % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Media % of
Applications
• This Media industry example is the only client group within the study population whereby immediate/quick revenue recognition and tracking is not the primary driver of the business.
• 60% of IT production operations and conversion support capabilities (e.g., film to digital format conversion) is recovered within 24 – 36 hours due to a number of factors including film fragility.
• The Remaining 40% of applications (e.g., PeopleSoft Financials, imaging, contract management, AP/AR. etc.) are recovered within a timeframe equal to or greater than 72 hours.
Combined industries % Client %
Combined industries % Client %
13th Annual Continuity Insights Management Conference: Next Generation Resilience
16
RTOs by Client – Mobile Communications
RTO Timeframes
Percentage of Applications Recovered by RTO – Mobile Communications % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Mobile Communications % of
Applications
• Similar to the terrestrial communication providers within this study, an example Mobile Communications firm’s primary goal is to get back-office support as well as call tracking, routing and payment capabilities “up” as soon as possible (i.e., 8 – 12 hours), with credit management and other business operations applications “up and running” within 36 – 48 hours of a data center disaster.
• History and data warehouse-based applications would be recovered within 30 days.
Combined industries % Client %
Combined industries % Client %
13th Annual Continuity Insights Management Conference: Next Generation Resilience
17
RTOs by Client – Natural Resources
RTO Timeframes
Percentage of Applications Recovered by RTO – Natural Resources % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Natural Resources % of
Applications
• This Natural Resource (mining) client example requires approximately 12% of its IT applications be “up and running” within 0 – 1 hour of a data center outage to support highly time-sensitive communications and mine site operations (i.e., Tier 1).
• Tier 2 application recovery (35% of applications) occurs within a 36 – 48 hour timeframe and focuses on mine site business and production management.
• Tier 3 application recovery (13% of applications) occurs at 14 days and encompasses activities such as data warehousing and fixed asset management.
• Lastly, Tier 4 application recovery (40% of applications) occurs at 21 days and includes actuarial reporting, asset recovery, badging, sales, risk management, etc.
• Interesting note: this client tends to use extensive DR tabletop testing versus executing actual physical DR tests.
Combined industries % Client %
Combined industries % Client %
13th Annual Continuity Insights Management Conference: Next Generation Resilience
18
RTOs by Client – Retail
RTO Timeframes
Percentage of Applications Recovered by RTO – Retail % of
Applications
RTO Timeframes
Cumulative Percentage of Apps Recovered by RTO – Retail % of
Applications
• The Retail Industry’s overall recovery capability is somewhat mixed, and driven by not only the size of the company (i.e., number of stores, etc.), but by the company’s culture and type of goods sold.
• In general, approximately 30% of a retailer’s IT capability is targeted for recovery within 12 – 24 hours of a data center outage to keep its stores open, ensure revenue generation (sales) and item tax management, as well as customer retention and inventory management.
• However, after that initial recovery window, recovery timeframes can be spaced out over the remaining 29-day timeframe.
Combined industries % Client %
Combined industries % Client %
19
High-Level Findings
13th Annual Continuity Insights Management Conference: Next Generation Resilience
• There were some readily identifiable differences in RTO timing between industries. •When checked with appropriate client personnel, some RTOs from three years ago have
been accelerated (shortened) due to significant changes in business requirements. •Not all clients with the same industry recover within a similar RTO spread.
• In most cases, client’s recover a majority of their IT applications within 72 hours.
•While the RTO timeframes shown within this analysis had been rationalized, most were not
validated through an actual test. Therefore, please note the IT application RTO shown within the study may “slip” to the right (i.e., get longer) following a physical test. • It is anticipated the provided information can be used by organizations and their DR/BCP
planning staff to help in guiding internal RTO confirmation meetings.
13th Annual Continuity Insights Management Conference: Next Generation Resilience
20
Questions?
Additional ResourcesRobert S. Emmel
Senior Manager
Accenture161 North Clark StreetChicago, IL 60601- 3200
Mobile: (630) 913-8319Email: robert.emmel
@accenture.com
Additional ResourcesRobert S. Emmel
Accenture161 North Clark StreetChicago, IL 60601-3200
Mobile:(630) 913 8319Email: [email protected]