BC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology?

Transcription

1 BC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology? Executive Director Business Continuity Services April 1, Development Company, L.P. The information contained herein is subject to change without notice Presentation Outline Terminology basics Purpose of terminology Why it s critical to your plan Select examples of industry terms Internal & external organizations Recommendations to consider Closing statements Q&A 2 April 1, 2008

2 Terminology Definition Per Merriam-Webster the technical or special terms used in a business, art, science, or special subject nomenclature as a field of study 3 April 1, 2008 Terminology Purpose Purpose The purpose of a controlled terminology is intended to help facilitate the creation of objective conditions required to advance the cooperation and the exchange and transfer of information among organizations Ensure terms are clear, concise and communicated Eliminates chance of misinterpretation 4 April 1, 2008

3 Why is Terminology Critical? Issues One term or group of terms can be perceived in a number of different ways with different implications Internally, terms don t necessarily have the exact equivalent within their group as others Not having a common list of pre-defined terms for specific resources, will prevent the right resources being provided more quickly and with less confusion How people define or classify the term reflects the way they think, or, conversely, they think according to the way they classify or understand the term Results Expectations not met Misunderstandings & frustration Delays in plan execution Presents false sense of security 5 April 1, 2008 Strategic Impact of BC Directly to Shareholder Value 6 April 1, 2008

4 Sample Evolution of Terminology A good example of an area of terms that started in the 80 s Planned and unplanned downtime operations lights out operation 5:Nines availability 7x24x5 availability Redundancy Always on or-- always available Infrastructure or business resiliency 7x24x7x365 availability All these could have the same or similar definitions even though they have evolved over time 7 April 1, 2008 Definitions: Disaster Tolerant or Tolerance Availability.com For businesses relying on mission-critical computing systems, downtime isn't an option. For emergency-response organizations, lost time can be life threatening. In the business world, downtime and lost productivity mean lost revenue, an unacceptable proposition in any economy. The best way to reduce downtime is to prevent it in the first place by deploying continuous computing technology. The goal of fault tolerant solutions is to provide nonstop, 24/7 computing, even in the event of a component failure or software crash. Disaster recovery means that a crash has already occurred. Today, affordable fault tolerant solutions can be deployed to prevent outages from occurring in the first place to completely eliminate recovery time. This concept is known as disaster tolerance Fault Tolerant Computing, Theory & Techniques We differentiate between the terms fault tolerance and disaster tolerance. Fault tolerant system design has been studied for the last few decades and is usually based upon a single point of failure in a system. Typical strategies to provide fault tolerance at the physical level include the incorporation of redundant system components and a voting mechanism. Other methods include the use of error-checking and correcting methods, hot swap support, and special watchdog types of software. Disaster tolerance is a superset of fault tolerance in that a disaster may be caused by multiple points of failure in a system that occur very close together in time as well as a single point of failure that escalates into a wide catastrophic system failure. Fault or Disaster Tolerant Fault-tolerant describes a computer system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided with software, or embedded in hardware, or provided by some combination. Disaster Recovery Journal & DRII Not found. 8 April 1, 2008

5 DRJ and DRII Industry Glossary This glossary is an initiative of both the DRJ Editorial Advisory Board and the DRII Certification Commission BC/DR Standards Subcommittee, which sponsors a committee of industry experts which solicits the input of business continuity professionals on an ongoing basis and incorporates that feedback into its consideration of industry terms and definitions. 9 April 1, 2008 Scope & Scenario Definitions Specify the terms/terminologies you will use to define or classify events - these are usually based on scope Interruption vs. problem Minor vs. major Major vs. catastrophic BU based vs. enterprise 10 April 1, 2008

6 Disciplines vs. Definitions Emergency or Incident Management Security Management Disaster Recovery Management Business Continuity Management Risk Management Crisis Management 11 April 1, 2008 Definitions: Business Continuity Disaster Recovery Journal & DRII The ability of an organization to provide service and support for its customers and to maintain its viability before, during and after a business continuity event. Protiviti The identification and protection of business processes required to maintain an acceptable level of operations; keeping the critical business units running. APC The ability of an organization to ensure continuity of service and support for its customers and to maintain its viability before, during and after an event. Business continuity is your ability to support customers and stay in business. Glasshouse The umbrella for many concepts including: fault tolerance, high availability, backup/restore, redundancy, DR. 12 April 1, 2008

7 Definitions: Disaster Recovery Disaster Recovery Journal & DRII The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization s critical functions. APC Response to an interruption in IT operation by implementing a disaster recovery plan to restore an organization's critical business functions. Disaster recovery is your plan of action to restore critical functions after a disaster. Protiviti The technical or IT portion of the BCP; DR is a component of BCP. Glasshouse The ability to respond to an interruption in services by implementing a disaster recovery plan to restore an organization s critical business functions. 13 April 1, 2008 Issues in what is perceived or understood vs. what is fact 1. Mgmt says they have a disaster recovery plan in place 2. Passed audit; thus BCP will work 3. Business units say they must have continuous availability 4. Organizations saying they want business continuity 5. Believe Recovery Point Objective (data loss) is no more than 1 hour 1. Funding was limited to data protection only; nothing else is in place 2. Audits typically are check-lists vs. actual events (rehearsals) 3. Do they mean for their entire BU or critical processes only? Are they willing to fund this? 4. Not aware of scope; usually only one level of continuity, i.e., , call center 5. Infrastructure recovery/restore takes minimum of 48 hours 14 April 1, 2008

8 Public Authorities & External Organizations Examples: Incident Command System (ICS) National Incident Command System (NICS) Office of Emergency Services (OES) Information Technology Infrastructure Library (ITIL) Auditors Regulators (governing terms) 15 April 1, 2008 Recommendations Your program should include a glossary of terms and acronyms Consider 2 versions: 1) includes everything which would be used by all members of the recovery teams; and 2) and an executive version which you could provide to mgmt that contains terms and definitions that are pertinent to them and their role Ensure your terminology is clearly understood by members of your organization and other internal organizations Make this data easily accessible (i.e., posting on intranet) Communicate with critical third-parties what your terms are and how you define them Keep in mind the methodologies and terminologies used by public authorities to work effectively 16 April 1, 2008

9 Closing Statements It s less important what you call your terms and more important on what they mean and how they are understood within your organization How people define or classify the term reflects the way they think, or, conversely, they think according to the way they classify or understand the term 17 April 1, 2008 Technology for better business outcomes