Business Continuity:
The Art and Science of Keeping the Engine Running
NICSA ▪ 8400 Westpark Drive, 2nd Floor ▪ McLean, VA ▪ 22102
Tel: 508-485-1500 ▪ Fax: 508-485-1560 ▪ www.nicsa.org
Wednesday, May 11, 2011
2:00 – 3:00 p.m. Eastern
Our Moderator
Erika Ivanyi
Senior Vice President and General Manager
(San Antonio Office)
American Funds
Capital Group Companies
Our Presenters
Peggy S. Lynnes
Capital Group Companies
Andy Waples
Eaton Vance Management
Michael Haikola
MFS Investment Management
Business Continuity
• What is it?
– The ability of an organization to provide
service and support for its customers and to
maintain its viability before, during, and after a
business continuity event
Business Continuity
Who governs it?
• Depending on the industry it could be
– Your clients/customers
– Regulatory Bodies (SEC, OSHA, FINRA)
– Shareholders
Business Continuity Management
• Consists of 4 distinct elements
– Emergency Response
– Disaster Recovery
– Crisis Management
– Business Recovery
Business Continuity Planning
How do you do it?
Risk Assessment
Business Impact Analysis
Plan Development
Test Planning/Execution
Continuous Improvement
Planning
Keys to success
• Management commitment
• Don’t bite off more than you can chew
– Pending maturity of your program; gradually
complete your implementation
– Use a continuous improvement methodology
to build on weaker components
• Exercising, Exercising, Exercising
Disaster Recovery Defined
Disaster Recovery is the technical aspect of business continuity. The
collection of resources and activities to re-establish information technology
services (including components such as infrastructure, telecommunications,
systems, applications and data) at an alternate site following a disruption of
IT services. Disaster recovery includes subsequent resumption and
restoration of those operations at a more permanent site.
Source: Disaster Recovery Journal
Disaster Recovery
Categories of Assets To “Recover”
• Datacenter / Core IT Infrastructure
• Supporting Facility Infrastructure
• Workspace
Disaster Recovery Planning Steps
Design
• Policy Statement / Objectives
• Risk Assessment & Identify Preventive Controls
Implement
• Develop Recovery Strategies
• Implement and Document Recovery Capabilities
Exercise
• Exercise to Validate
• Maintain
Recovery Framework Options
• Cold or No Standby Capacity
• Warm Recovery Site – “Active / Passive”
• Full Geographic Redundancy – “Active/Active”
(Figure axes: Speed of Recovery vs. Cost & Complexity)
A Picture Says 1,000 Words
• Create Context Diagrams
for all applications
• Create Network topology
diagram(s)
• Connectivity diagram(s)
• Follow the path of all
touch-points to
understand
interdependencies
Datacenter & “Core” IT Infrastructure
Hardware
• Network: Core Routers, floor hubs
• Servers
• Storage
• Tape Library
• Security Appliances
• Other Appliances (e.g. Load Balancers)
Infrastructure Applications
• Job Scheduler
• ETL Tools
• BES (Blackberry Server)
• Secure Transport
• Intranet
• Active Directory
• DNS
• NTP Server / Protocol
IT Recovery Documentation
Application Recovery
IT Group Recovery
IT DR “Run Book”
Recovery Plans
Recovery Procedures
Key Takeaways
• Prioritize on Risk / Impact
• Choose Recovery Framework to Match Business Requirements
• Establish Recovery Ownership /
Responsibility
• Don’t forget the core: Dig into system
interdependencies
Selected References
• Disaster Recovery Journal (www.drj.com)
• National Institute of Standards and Technology (www.nist.gov)
– Contingency Planning Guide for Information Technology Systems
• Financial Services Roundtable (www.bits.org)
– BITS Technology Risk Transfer Gap Analysis Tool
Crisis Management
Peggy Lynnes, CBCP
Vice President, Business Continuity
Capital Group Companies
This is not a drill!!!
• Key components of Crisis Management
– Speed of event awareness…. “Houston, we have a problem.”
– Well trained responders
– Fully developed response process
– Communicate accurately and often
How do you know there is a problem?
• Surveillance of facilities, systems, weather events, regional events
– Monitor alarm systems
– Local, regional, national, and international
news
– Partner with other surveillance sources, (e.g.
Govt. agencies)
Who needs to be involved?
• Business Continuity
• IT Mgmt
• Disaster Recovery
• Facilities Mgmt
• Human Resources
• Key Business Leads
• Corporate Communications
Educate and train
• Crisis Management teams in place to address varying degrees of events
– Global event = Global Crisis Mgmt Team
– Technology Event = Critical Incident Mgmt Team
– Single site event = Facility Crisis Mgmt Team
• Exercise, exercise, exercise!
Crisis Management Plans
• Ability to assess and respond with speed
– Automate assembly process – blast up calls, emails, etc.
– Agenda to focus on life safety, impacts to critical business functions, who is taking action, communication needs, set up next meeting
– Communication plan, internal and external