Continuity of Business

Similar documents
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Appendix 3 Disaster Recovery Plan

Our key considerations include:

MassMutual Business Continuity Disclosure Statement

Business Continuity Management Program Overview

Cyber Resilience. Think18. Felicity March IBM Corporation

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

WHITE PAPER. Title. Managed Services for SAS Technology

Table of Contents. Sample

Build a viable plan for disaster recovery and crisis management.

TSC Business Continuity & Disaster Recovery Session

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Global Statement of Business Continuity

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY

Business Continuity Planning

Policy. Business Resilience MB2010.P.119

SAS SOLUTIONS ONDEMAND

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Business Continuity and Disaster Recovery

Implementing a Global Business

Symantec Business Continuity Solutions for Operational Risk Management

3.4 DISASTER RECOVERY (L , M.3.9, comp_req_id 806)

Continuous protection to reduce risk and maintain production availability

National Level Exercise 2018 After-Action Findings

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

WHITE PAPER. Solutions OnDemand Hosting Overview

IT CONTINUITY, BACKUP AND RECOVERY POLICY

Information Technology Disaster Recovery Planning Audit Redacted Public Report

STRATEGIC PLAN. USF Emergency Management

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Risk Management. Continuity Management

Disaster recovery strategic planning: How achievable will it be?

ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER

UF CEMP Support Group Annex: IT Group

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Cloud-based data backup: a buyer s guide

DISASTER RECOVERY PRIMER

Business Continuity & Disaster Recovery

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

EX0-101_ITIL V3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Exin EX0-101

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

Florida State University

Overview of the Federal Interagency Operational Plans

Avanade s Approach to Client Data Protection

Hazard Management Cayman Islands

Keeping it Simple Driving BCM Program Adoption Through Simplification

BROADBAND FOR IMPLEMENTATION OF NATIONAL EMERGENCY TELECOMMUNICATIONS PLANS

Business Continuity Policy

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING

Certified Information Systems Auditor (CISA)

Memorandum APPENDIX 2. April 3, Audit Committee

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

New York City Emergency Management Public/Private Collaboration and Support

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

GUIDANCE NOTE ON CYBERSECURITY

Introduction to Business continuity Planning

THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT

Member of the County or municipal emergency management organization

Data Center Operations Guide

NUIT Tech Talk. Emergency Preparedness. March 1, Sharlene Mielke. Jay Bagley. Disaster Recovery / Business Continuity Coordinator

Emergence of Business Continuity to Ensure Business and IT Operations. Solutions to successfully meet the requirements of business continuity.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Business Continuity: How to Keep City Departments in Business after a Disaster

June 5, 2018 Independence, Ohio

BUSINESS CONTINUITY MANAGEMENT (BCM) INITIATIVES OF THE BANGKO SENTRAL NG PILIPINAS

The Future of Business Continuity & Resiliency

Module 4 STORAGE NETWORK BACKUP & RECOVERY

Cloud Disaster Recovery: Public, Private or Hybrid Cloud Solutions Supporting Disaster Recovery

Principles for BCM requirements for the Dutch financial sector and its providers.

GIS in Situational and Operational Awareness: Supporting Public Safety from the Operations Center to the Field

Template. IT Disaster Recovery Planning: A Template

Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015

New Zealand Government IBM Infrastructure as a Service

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

INTELLIGENCE DRIVEN GRC FOR SECURITY

Business Continuity Plan Executive Overview

Building a BC/DR Control Library and Regulatory Response Program

Dell helps you simplify IT

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

CA ARCserve Backup. Benefits. Overview. The CA Advantage

Session 5: Business Continuity, with Business Impact Analysis

2 ESF 2 Communications

Chapter 1. Chapter 2. Chapter 3

For providing decision support on climate stressors to infrastructure and assets for federal, state, local, and private clients...

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016

Business continuity management and cyber resiliency

The Office of Infrastructure Protection

U.S. Customs and Border Protection Cybersecurity Strategy

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Emergency Management Update. June 2018

Transcription:

White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be a responsible and reliable business partner.

Continuity of Business The version of this paper is December 2015. The content is extracted from the technical paper The Quality Imperative: SAS Institute s Commitment to Quality at http://www.sas.com/en_us/whitepapers/quality-imperative-commitmentto-quality-106810/download.html. For more information about SAS Continuity of Business (COB) initiative, send e-mail to COBProgramOffice@sas.com.

Continuity of Business Table of Contents Continuity of Business... 1 Core program components... 1 Plan contents... 2 A global approach to planning... 2 Enhanced company resilience... 2 Customer support... 3 IT recovery... 3

Continuity of Business 1 Continuity of Business At SAS we develop enterprise-class analytics software that guides our customers decisions about their business operations, their products and their customers. We also make an extraordinary investment in our employees, making us one of the top-ranked workplaces around the world. We extend this same vision and planning to manage risk in an increasingly interconnected and dynamic business environment. SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be a responsible and reliable business partner. Jim Goodnight, CEO of SAS Continuity of Business (COB) refers to an organization s plans and procedures aimed at protecting its key assets and continuing its critical business functions in the event of anticipated and unanticipated threats. COB takes into consideration corporate governance, information security, and corporate social responsibility, the primary factors that customers consider when selecting the strategic vendors to which they entrust their business. SAS global COB program evolved from its longtime disaster recovery and crisis management procedures. Applying an all-hazards planning approach, SAS incident preparedness and response is focused on protecting and recovering core business operations from threat impacts. Security, Facilities, IT, Communications, and the business units work together proactively to develop resilience and mitigation strategies. In a disruptive incident, they coordinate to execute response, recovery and business resumption plans. Under SAS pandemic plan, cross-functional taskforce members are engaged to coordinate proactive response activities in accordance with public sector guidance. A global COB Policy provides a layer of program governance, formalizing roles and responsibilities and standardizing specific activities that include annual plan maintenance and testing, staff training, and management program review. The main focal points for SAS COB program are: Protecting employees (life safety) Providing customer support Restoring the services upon which critical business functions depend. Core program components SAS COB program continues to develop in alignment with industry best practices and standards for business continuity. Key components of the program include: Executive oversight in risk management and program development Risk assessment and Business Impact Analysis (BIA) Impact mitigation and business resumption strategy development Business resumption and IT recovery plans to support recovery of critical business functions

2 Continuity of Business Emergency Operations Command (EOC) for disruptive incident management Annual plan maintenance, exercise, and staff training. Plan contents Typical COB plans at SAS include: Incident notification/escalation process Roles and responsibilities of response, recovery, and business resumption staff Internal and external call lists Alternative site information Application and system dependencies Critical third-party supplier requirements and contacts Business resumption strategies (for example, where appropriate, critical functions will use manual workarounds, staff can work from alternate locations, critical function services can be provided from staff in other geographic locations). A global approach to planning SAS Continuity of Business initiative extends to all SAS offices. Its COB methodology is applied corporate-wide, using standardized templates and processes for response, recovery, and business resumption planning, and using knowledge and resources at the local, regional, and headquarter-office levels. Each SAS office is responsible for developing and implementing continuity plans in accordance with corporate standards to ensure an appropriate level of planning to meet business drivers while mitigating risks. A global collaborative approach to planning also supports the identification, development, and implementation of backup strategies for critical business processes and IT dependencies. This approach ensures a sustained minimum level of care for local and global customers so that if required, support may be provided from another office or from SAS Headquarters. As was used for incidents such as the 2013 Boston bombings and the 2011 Japan earthquake and tsunami, global communication protocols are in place to support impact assessment and activation of local incident management response teams and SAS corporate Emergency Operations Command. Enhanced company resilience In addition to supporting incident preparedness, the COB program is also a catalyst for the ongoing improvement and increased resilience of SAS operations. In the short term, key business processes are documented, internal and external dependencies are assessed, and, where appropriate, employees are cross trained for key roles within the organization. However, a long-term result of SAS COB program is the improvement of business processes and enhanced company resilience because the ability to quickly recover from unforeseen incidents is closely tied to more efficient and effective dayto-day operations.

Continuity of Business 3 Customer support SAS wants its customers to have the support they need to continue using SAS software on an ongoing basis. As such, SAS continuity of business planning is focused on services that must continue after a disruptive incident occurs. SAS global recovery strategies for several key customer-facing functions are summarized below: Communications - During an incident, SAS may communicate with customers through multiple channels including: company phone messaging, the corporate website, social media, email, instant messaging, video conferencing, personal contact with account managers, and other staff, and through business partners and the media. Contracts - SAS has designed and implemented measures to ensure that customer and software license key support will continue. This support can be provided through alternate methods and multiple channels that include recovery staff equipped to work from alternate locations. SAS Solutions OnDemand - SAS Solutions OnDemand, SAS hosted solutions, reside in secure data centers that are resilient to many types of potential incidents. Regular off-site rotation of data backups ensures that customers vital data can be protected during an incident, and that their services can be restored. For customers with more specific requirements, additional options such as off-site recovery offerings and recovery time guarantees are available. A Disaster Recovery Requirements Planning process is designed to help customers arrive at a solution that is cost-effective for their needs. Source code - Copies of the SAS source code for all production products, as well as for the current R&D environment, are kept on-site and off-site to expedite recovery. On-site copies are stored in a below-ground, fireresistant vault. Source code and distributed media for major SAS software releases are archived. Technical support - In daily operations, SAS uses a follow-the-sun support model routing calls to technical support staff in SAS offices around the world to provide support to customers on an around-the-clock basis. This provides a baseline strategy for global support during an incident. In addition, if SAS headquarters becomes inoperable, business resumption strategies include local staff working remotely and the transfer of responsibility to regional and global technical support staff. On-call staff at SAS headquarters are always available for global customer technical support and infrastructure needs. IT recovery SAS has a robust IT infrastructure housed in hardened, secure enterprise data centers. When an unforeseen incident occurs, there are plans in place to assess, restore, and resume normal operations for affected IT infrastructure. Recovery procedures include restoring facilities (for example, buildings and electricity) and support services (for example, telephone service and computer infrastructure) to facilitate the recovery of critical business functions. Critical systems are supported in data centers in separate locations, providing redundancy for critical IT infrastructure. The data centers are equipped with uninterruptible power supplies (UPS), diesel generators, multiple power feeds, and redundant switch gear for maximum reliability. They are staffed 24 hours a day and systems are monitored and alerted automatically. SAS uses Wide Area Network (WAN) network infrastructures that avoid the use of dedicated network paths, minimizing the impact of satellite, terrestrial, and undersea cable outages.

4 Continuity of Business Many components of the IT recovery plan are exercised regularly, as they are the same procedures used in maintaining a complex infrastructure for daily operations. Recovering from system failures and restoring data subsystems are handled by on-call staff.

SAS Institute Inc. World Headquarters +1 919 677 8000 To contact your local SAS office, please visit: www.sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright 2015, SAS Institute Inc. All rights reserved. 3/11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback