Presentation
Download
Report
Transcript Presentation
CRISP
Technologies
Corporate Resource Integrated Systems Planning
Business Continuity
&
Resumption Planning
(BCRP)
CRISP
Technologies
www.crisptech.com
1
Corporate Profile
Established in 1988
A Management Consulting and Information Technology
Organization combining:
Management and Technical expertise
Value added business software products with:
Global coverage
Continuous support and customization
Add on modules and interfaces
Headquarters in Calgary - Alberta – Canada
International offices in:
Sophia Antipolis - Nice – France; Naples – Florida – USA; Dubai - UAE
CRISP
Technologies
www.crisptech.com
2
Practical, Professional Solutions
Business Continuity & Resumption Planning
(BCRP)
Business Continuity Planning (BCP)
Disaster Recovery Planning (DRP)
Emergence Response Planning (ERP)
Risk Management, Audit and security
CRISP
Technologies
www.crisptech.com
3
Business Consulting
The CRISP approach is flexible & based on your needs:
Business Continuity Plan
BCP & DRP Strategy
Audit BCP & DRP
Security Audit
Business Process Resumption
Business
Resilience
Risk Management
Operational Audit
Business Process Audit & Analysis
Compliance with Regulations & Standards
Emergency Response
&
Crisis Management
CRISP
Technologies
www.crisptech.com
4
CRISP
Technologies
www.crisptech.com
5
Business Continuity Challenges
Concerned about the continuity of your key
business functions?
Wondering how vulnerable your business is to
risks and exposures?
Wanting to protect and maintain your critical
business resources?
CRISP
Technologies
www.crisptech.com
6
CRISP
Technologies BCRP®
The process an enterprise needs to have in
place in order to continue its key business
functions and get back into normal operations
following an Incident.
Going from losing a business record
………..…………..to………………….
losing the whole business infrastructure
CRISP
Technologies
www.crisptech.com
7
Cost of Business Interruption
Loss or delay of Revenues and Profits
Lower Shareholder Confidence
Lower Employee Morale
Degraded levels of Customer Service
Missed Contractual Commitments
Missed Legal & Regulatory Commitments
Reduced Market Share
CRISP
Technologies
www.crisptech.com
8
How Much Would An Outage Cost?
More Than 60 Percent Of The Companies
Don’t Have An Estimate Of How Much An
Outage Would Cost
Q. Have you estimated the costs of nonoperation of business-critical applications?
Companies with cost
estimates 36%
There is a complex cost to
downtime.
Not just the revenue loss, but also
the loss of productivity, affect on
customer satisfaction, impact on
image and the potential for legal
actions
The full impact is often overlooked!
Companies without
cost estimates 64%
CRISP
Technologies
www.crisptech.com
9
Average Hourly Cost of Downtime
Brokerage House
Credit card sales and
authorization
Catalog sales
Package shipping and
transportation
Unix networks
PC LANs
Average hourly cost to
recreate data
CRISP
Technologies
www.crisptech.com
$6.4 million
$2.6 million
$90 thousand
$28 thousand
$75 thousand
$18 thousand
$50 thousand
Source: Contingency Planning Research
10
Business Continuity Spending
Average spending is 3-4% of the overall IT budget
Companies that exercise “best practices” spend 67% of IT budget
Spending is incurred at the planning, implementation
and testing phases
See Disaster Recovery Life Cycle for time zones
where spending is also incurred during actual
recovery. This spending is usually insurable
CRISP
Technologies
www.crisptech.com
11
CRISP
Technologies BCRP® Covers
Risk Management & Business Impact
Optimal Strategy Design and Implementation
Emergency Response
Disaster Recovery & Business Continuity
Re-settlement (Back to the Normal State)
CRISP
Technologies
www.crisptech.com
12
Proven Methodology
A result of 16 years of BCRP focus and 100’s of
man years experience in developing successful
plans for many organizations
A set of base plans, emergency response
procedures, templates, questionnaires, diagrams,
sample guidebooks…. all assembled within an
interactive workflow
CRISP
Technologies
www.crisptech.com
13
BCRP® Components
BUSINESS CONTINUITY / RESUMPTION PLANNING (BCRP)
Organization
Define Primary Business Units
Define Key Functions to be performed
Identify Critical Resources Needed to Perform Key Functions
Critical
Applications
DRP PLAN
Infrastructure
Recovery Options
Key Personnel
Critical
Documents
Facilities &
Equipment
Contingency
Funding
BUSINESS PLANS
Develop and Document Options to Recover or Replace
Critical Business Resources
EMERGENCY RESPONSE PLANS
CRISP
Technologies
www.crisptech.com
14
BCRP® Architecture
LEGEND
Corporate
Business
Methodology
Infrastructure
Master Plan
Business Areas Guidebooks
Define Critical Resources
Select Recovery Time Objectives (RTO)
Describe Operating Procedures
Define User Alternate Procedures
Infrastructure Guidebook
Recovery
Options
Recovery
Sites
Backup
Equipment
Telecom
Links
Quick-Ship
Arrangements
Documentation
Procedures
Plan
Testing
DRP Revision
& Sign Off
* Efficiency
* Contracts
* Acquire
* Switching
* Contracts
* Operational
* Infrastructure
* Critical Apps.
*Q/A
* Set-up
* Configure
* Capacity
* Delivery
* Recovery
* Telecom
* RTO
* Redundancy
* Security
* Activate
* Security
* Timing
* Resettlement
* Applications
* Technology
CRISP
Technologies
www.crisptech.com
15
Sample BCRP® Interactive Workflow Screens
CRISP
Technologies
www.crisptech.com
16
CRISP
Technologies
www.crisptech.com
17
CRISP
Technologies
www.crisptech.com
18
CRISP
Technologies
www.crisptech.com
19
CRISP
Technologies
www.crisptech.com
20
Plan Execution
Incident Escalation & Emergency Response
Resolve
incident
Prepare
report
Contact members
of
Discovery &
Assessment
Contact
MGMT Leader
and report on
status
Yes
Incident
detected
Problem can
be resolved
locally
No
On-site
Operations
Leader
Prepare
initial report
Initiate
resolution
Yes
Review
initial report
Is resolution
possible in less time
than lowest
RTO?
Assess
incident
Discovery &
Assessment
Group
Prepare
report
No
Contact MGMT
Provide
Assessment &
recommendation
MGMT
Review &
monitor
resolution
activities
No
Disaster
to be
declared
Review
recommendation
Yes
Disaster
limited to
IT environment
Tier 1 or 2
No
Contact NRT
to coordinate
activities
Yes
Activate
IT BCP Teams
and initiate
emergency
recovery process
Notify NRT
of
status
Follow
Guidebooks for
team process
and interactions
CRISP
Technologies
www.crisptech.com
21
CRISP
Technologies
www.crisptech.com
22
CRISP
Technologies
www.crisptech.com
23
Management Roadmap to Recovery
T1 (0 - 4 Hours) - Emergency Response
T2 (4 to 24 Hours) - Critical Recovery
T4 (96 Hours to 7 Days) - Interim
Operations & Restoration
T3 (24 to 96 Hours) - Interim Operations
T5 (1 to 5 Weeks) - Restoration & Re-settlement
T6 (5 to 10 Weeks) - Re-settlement
Event
On-site personnel detect
incident involving critical
resources (MP)
ERT notifies Executive Team Leader of
potential disaster at a certain Facility,
Corporate wide, or external (MP)
Resolved
within X hrs
Yes
No
(MP)
Resolve incident (MP)
Yes
Resolved
within Y hrs
Escalate (MP)
Facility Management Team
reviews final reports
Facility Management Team
convenes post mortem
(FACM)
(FACM)
(MP)
Facility Management Team
instigates BCRP maintenance
(FACM)
Deactivate Team
(FACM)
No
Escalate to Management
Facility Management, Facility Security, Facility Administration, Executive
and Emergency Response Teams
Prepare report (MP)
Continue with Local
Escalation Processes until
resolution (MP)
B
(MP)
No
Potential
disaster (MP)
Yes
Contact Discovery &
Assessment (MP)
Contact Facility Management
Team Leader and report (MP)
Prepare initial report (MP)
D&A review initial report (MP)
Resolution
within lowest
RTO (MP)
D&A assess incident (MP)
Initiate resolution (MP)
Yes
No
Contact Facility Management
Team to provide assessment
and recommendations (MP)
Prepare report (MP)
Facility Management Team
reviews situation (FACM)
Facility Management Team
reviews and monitors
resolution (FACM)
No
Disaster to be
declared
(FACM)
Yes
Disaster
limited to Tier I or
II (FACM)
Use the Quick Reference
Card to contact appropriate
Team members (QRC)
No
Executive Team Reviews
situation and coordinates
activities (Exec)
Yes
Provide resources
Facility Management Team
activates BCRP Teams
(FACA)
Provide contract admin
Provide accounting services
Track expenditures
(FACA)
(FACA)
(FACA)
Provide access to new and
existing contracts
(FACA)
Record resettlement costs
Return to normal processes
(FACA)
(FACA)
Provide summary of
situation clearing
Return leadership folder to
quickstart box
(FACA)
(FACA)
Deactivate Team
(FACA)
(FACM)
Coord. calls for quickstart
box (QSB)
Coord. calls for leadership
folder from quickstart box
Coordinate BCRP adherence
and control
(FACS)
(FACS)
Monitor and report
(FACS)
C
Facility Management
arranges AROC use
B
Business
Teams
(FACM)
Assemble teams at user
recovery work area
Determine failure point with
resource support
(BUC)
(BUO)
Perform business processes
to recovery point
Perform interim business
processes
Provide management status
reports
Establish backlog operating
schedule
Migrate business operations
to new primary site
(BUO)
(BUO)
(BUO)
(BUO)
(BUO)
Arrange physical security at
ARC
Notify Telecom Supplier
(FACR)
Activate Facility Teams
(FACM)
Test interim resources
(BUO)
Build and verify network
connectivity to URWA &
ARC (FACR)
Re-establish operating
environment at primary site
(FACR)
Design network for new
primary site
Build new primary site
network
(FACR)
(FACR)
(FACR)
(FACR)
Prepare final report
(BUC)
Deactivate teams
(BUC)
Re-establish business
processes at primary site
(FACR)
Provide connectivity to any
other sites
Provide voice connectivity
Review paper/manual
processes for updates to
system (BUO)
(FACR)
Establish connectivity
between interim and primary
site (FACR)
Obtain and provide phone
desksets as needed
(FACR)
Arrange Other communications
connections
(FACR)
Set up operating
environment
(FACR)
Recover resources
(FACR)
Facility Teams
A
Establish interim operating
schedule
Ensure control integrity is
maintained
Manage changes to
standard controls
Record expenses incurred
during interim operations
Record and relay problem
reports
(FACR)
(FACR)
(FACR)
(FACR)
(FACR)
Set up security and access
(FACS)
Locate and install Computer &
other Recovery Equipment
(FACR)
Have Telecom supplier
redirect Help Lines
Notify staff of location and
process requirements
Establish trouble ticket
communication methods
(FACR)
(FACR)
(FACR)
Schedule interim controls
Confirm control processes
Monitor systems
(FACR)
(FACR)
(FACR)
Monitor equipment usage
Order equipment as required
(FACR)
(FACR)
B
Communicate recovery
status updates to users as
required (FACR)
Start processing user
requests
Start monitoring problems
(FACR)
Establish backlog operating
schedule
Migrate operations to new
primary site
Remove sensitive data from
interim site
De-activate interim site
when all processes resettled
(FACR)
(FACR)
(FACR)
(FACR)
Deactivate teams
(FACM)
Prepare final report
(FACR)
(FACR)
C
Acquire and Deploy
Emergency Supplies
(FACA)
Order and expedite
shipment of new equipment
(FACA)
Coordinate equipment and
personnel movement
(FACA)
Authorize Return of
Quickstart boxes to offsite
(FACM)
B
Resources
A
Assemble teams at control
center
Determine failure point with
Business Operations
(BURC)
(RES)
Test recovered resources
(RES)
Notify Business Managers of
availability
Perform resource processes
to recovery point
Provide interim resource
support
Provide management status
reports
Establish backlog operating
schedule
Restore production from
recovery site
Migrate resource support to
new primary systems
(RES)
(RES)
(RES)
(RES)
(RES)
(RES)
(RES)
CRISP
Technologies
www.crisptech.com
Review paper/manual
processes for updates to
system (RES)
Prepare final report
(BURC)
Deactivate teams
(BURC)
24
Sample
BCRP Interactive Workflow
Contingency Planning
Contingency Planning
Business Continuity Planning for Outsourcing
Clients
Audit and Assessment of SCADA Control System
CRISP
BCRP Interactive Workflow
Petro Canada
Business Continuity & IT Disaster Recovery Planning
Asset Management Needs Definition & Analysis
DRP & IT BCP for London, Aberdeen, Essen, Hague
Shaw Cable Systems
Audit and Security of SCADA Control System
New York Power Authority
Business Continuity plan audit & development
BCRP Interactive Workflow
Peters & Company Financial Corporation
BCRP Methodology
IT Disaster Recovery Plan
BCRP Interactive Workflow
Contingency Planning
Palliser Health Region
Florida Water Supply & Treatment Facilities
Network Security Audit
Contingency Planning
Ontario Realty Corporation
Business Resumption Planning
Recovery Plan Automation
Energy Utility Board (EUB)
EDS Canada
Crestar Energy (Gulf/Conoco)
Contingency Plan Audit
BCRP Interactive Workflow
Emergency Response Automation with CRISP Workflow
Review existing plans and performing gap analysis
Nexen Energy
City of Winnipeg
IT Infrastructure Review & Disaster Recovery
Planning
BP Amoco
Private Banking - Monaco
Nice Cote D’azur Airport
Risk Assessment and Contingency Planning
Alta Gas
Air Canada
CRISP Technologies BCRP® Clients
IT Infrastructure & Security Planning
Trans Canada Pipelines
Business Continuity Planning
Technologies
www.crisptech.com
25
Workflow Value Proposition & Hot Buttons
Removes the mystery of plan development & Stress of
Emergency Response
Presents Consulting with a “Touch & Feel” approach
Shows what the plan would look like at the start of the
project
Provides a sure path for SOX, ISO 17799, CRBF 97.2,
Bale 2 and other Audit & Control compliance
Investment that guarantees results with less risk, time
and cost
CRISP
Technologies
www.crisptech.com
26
What Our Customers Are Saying
“The CRISP BCRP methodology, tools and templates
combined with their professional consulting services
provided us with the ability to quickly and effectively
develop, implement and maintain our IT Business
Continuity and Disaster Recovery Plans”
* Petro-Canada*
“ The CRISP BCRP methodology allowed us to quickly get to
the heart of the disaster recovery process without having to
spend needless time reaching agreement on the initial
format and organization of the material”
* Alberta Energy Utility Board *
CRISP
Technologies
www.crisptech.com
27
Why CRISP Technologies ?
Worldwide recognition as experts in Business Continuity
Flexible & neutral business approach
BCRP® Interactive Workflow
Proven Methodology from hands-on practical experience
Fully invested in long term product development &
support
CRISP
Technologies
www.crisptech.com
28
Small Enough to be Responsive
Large Enough to Provide a Total Solution
CRISP
Technologies
www.crisptech.com
29