Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009


Rejuvenating BCM - Infrastructure
Business Continuity Awareness Week, 23-27 March 2009
Brigitte Theuma MBCI, CBCMMA, CBCMP, CBCITP, MIAEM
23 March 2009
Total of 5 pages

Table of Contents

I. ICT Service Continuity Current State
   a. Identifying Requirements and Weaknesses
   b. Risk
   c. Business Criticality
II. Multi-Year Plan
   a. Balancing Design and Cost
   b. Multi Year Infrastructure DR Roadmap
   c. Self Funding Paradigm
III. Appendices
   a. Related Papers and Information
   b. Glossary of Terms

I. ICT Service Continuity Current State

a. Identifying Requirements and Weaknesses

Standards, Practices and Programme: are they working for you? Do you have them in place?

- Review potential weaknesses: single points of failure, redundancy, supply chain dependence, IT processes, security, backup and restore, availability, Disaster Recovery or IT Service Continuity, BCM, location of premises, systems monitoring, power.
- Review trend reporting: availability, failure, capacity, security, downtime, Service Level reports.
- Review Service Level Agreements (SLAs) with the Business Owners of the technology or services.
- Provide GAP analysis. Compare information against corporate Policy, Guidelines, SLAs, Strategy.
- Measure the costs of desired state vs. current state (downtime vs. resilience expenditure, i.e. risk and impact vs. costs).
- Present the information in business terms, removing the technical complexity and terminology that could impair understanding of the issue.

Source: PAS 77:2006

b. Risk

[Figure: Heat Map, Business Risks - IT]
Vertical axis, Impact: Critical; Significant; Minimal
Horizontal axis, Likelihood: Extremely Remote (1 * 10-100 years); Remote (1 * 2-10 years); Possible in Short to Medium Term (1 * 6-24 months); Likely in Short Term (1 * 0-6 months)
Key: Inadequate mitigation in place; Semi-adequate mitigation in place; Adequate mitigation in place
Risks plotted: Data Centre Outage; Failure of IT Outsource; Customer Data; IT Security; Financial Systems; Customer Billing; India Call Centre; Supply Chain

c. Business Criticality

[Figure: Heat Map, Criticality of Systems vs. Availability]
Vertical axis, Architecture: Continuous Availability; Disaster Recovery; Backup & Restore
Horizontal axis, Criticality: Tactical; Strategic; Critical; Mandatory
Key: No plan, RTO unknown; Backup and restore procedures in place, RTO 36 hours; Disaster Recovery in place, RTO 24 hours
Systems plotted: India Call Centre; Telecoms & LAN; Despatch; Data Centre; Financial Systems; Internet Presence; Customer Data; email; SRM; Online Ordering; Payroll; Customer Billing; Document Registry

II. Multi-Year Plan

a. Balancing DR/HA Design and Cost

Finding the right balance:

- Availability required for each system.
- Cost of failure vs. cost of resilience.
- Limitations or constraints the company is operating under: budget, time, resource.
- Risks associated with approach.

Source: PAS77:2006

b. The Self-Funding IT Paradigm and Disaster Recovery

The Self-Funding Ideal:

- Streamline IT Operations, including use of DR equipment.
- Invest in Breakthrough Strategic Projects, include DR at project level.
- Realise Business Productivity Gains, find alternate uses for DR equipment.

Diagram layers: Multi-year Strategic Initiatives; Business-Led Discretionary Projects; Core Infrastructure and Applications

- Use efficiency-driven cost savings to subsidise next-generation or future projects.
- Charge out for DR to cover cost of infrastructure.
- If a cost per use model is used for DR when using SLAs for IT Services, then the DR enablers can be self funded.

Original concept: The CIO Executive Board

c. Multi Year Infrastructure Disaster Recovery Roadmap

[Figure: roadmap timeline, FY2009 to FY2015]
Strategy 1, DR Enablers: DR Policy; SLA; Data Centre Infrastructure DR Strategy; Continuous Improvement via Self Funding DR Paradigm; DR Enabler Initiative 3; DR Enabler Initiative 4
Strategy 2, Projects & Lifecycle: Project 1; Project 2; Project 3; Project 4; Project 5; Project 6; IT Lifecycle; Project 7
Strategy 3, Critical Assets: BIA & RA; Multi Year DR Project for Top 5 Critical Assets; Multi Year Project Critical Assets 2; Multi Year Project 3

d. Business Continuity Maturity

BCMM, Virtual Corporation

III. Appendices

a. Related Papers and Information

- AS/NZS 4360:2004 Risk Management
- AS/NZS HB221:2004 Business Continuity Management
- Business Continuity Institute, Good Practice Guidelines 2008, http://www.thebci.org/
- Business Continuity Maturity Model, Virtual Corporation, http://www.virtualcorp.net/html/bcmm.html
- BS31100:2008 Risk Management Code of Practice
- BS25999-1:2006 Business Continuity Management Part 1: Code of Practice
- BS25999-2:2007 Business Continuity Management Part 2: Specification
- BS25777:2008 Information and Communications Technology Continuity Management Code of Practice
- BSI ISO/IEC 24762:2008 Information Technology Security Techniques Guidelines for Information and Communications Disaster Recovery Services
- CIO Executive Board, http://www.cio.executiveboard.com
- HB 293-2006 Executive Guide to Business Continuity Management
- HB292-2006 A Practitioners Guide to Business Continuity Management
- ITIL V3
- NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs
- PAS 77:2006 IT Service Continuity Management Code of Practice

b. Glossary of Terms

Business Continuity: Strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
BCM: Business Continuity Management.
BC Strategy: Approach by an organisation that will ensure its recovery and continuity in the face of a disaster or other major incident or business disruption.
Disruption: Event, whether anticipated or unanticipated, which causes an unplanned, negative deviation from the expected delivery of products and services according to the organisation's objectives.
ICT Continuity: Capability of the organisation to plan for and respond to incidents and disruptions in order to continue ICT services at an acceptable predefined level.
ICT Disaster Recovery: Activities and programmes that are invoked in response to a disruption and are intended to restore an organisation's ICT services.
Impact: Evaluated consequence of a particular outcome.
Incident: Situation that might be, or could lead to, a business disruption, loss, emergency or crisis.
RPO: Recovery Point Objective. Point in time to which data has to be recovered in order to resume ICT services.
RTO: Recovery Time Objective. Target time set for resumption of product, service or activity delivery after an incident.
Resilience: Ability of an ICT system to provide and maintain an acceptable level of service in the face of various disruptions and challenges to normal operation.
Risk: Something that might happen and its effect on the achievement of objectives.
Testing: Forced failure of all or part of an ICT system, under specific conditions, to verify that recovery is properly performed.
Vulnerability: Weakness within the ICT asset or activity that might, at some point, be exploited by threats.

Source: BS 25777:2008