Transcript Document
Establishing Lines Of Communication Before a Crisis Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis Organizing & Developing The Plan Copyright 2004 Turning Point Solutions Statistics to Ponder • Who Owns BCP In Your Organization? • 43% - Information Technology • 33% - Corporate/General Management • 8% - Risk Management • 6% - Facilities Management • 5% - Information Security • 5% - Other CPM/KPMG Study 2002 • • • • • • 37% - Information Technology 22% - BCP Department 15% - Other 12% - Risk Management 7% - Security 5% - Financial Strohl Systems Survey May 2003 Copyright 2004 Turning Point Solutions Statistics to Ponder • What Is Executive Sponsor’s Title? • • • • • • 28% - Vice President 23% - Other 16% - CIO 14% - CEO/President 8% - Manager 8% - CFO Strohl Systems Survey May 2003 • Who Defines Recovery Strategies? • 76% - Information Technology • 5% - CEO • 4% - Non-IT Management Veritas Study 2003 Copyright 2004 Turning Point Solutions Organizing & Developing The Plan Make Planning Part of an Organization-Wide Program Obtain support at the highest levels of the organization Develop a Organization-Wide approach to recovery planning & strategies Identify and Include External Support Teams In The Plan Organization (Municipal Agencies, Vendors, Suppliers, Tech Support Orgs) Copyright 2004 Turning Point Solutions Organizing & Developing The Plan Recovery requirements and strategies must include the business perspective Faculty & Administrative Units Functional Impact Business Impact Business Partners, Students & Families Work-InProgress Transaction Processing Application & Desktop Requirements Recovery Time Objectives, Requirements, & Priorities Processing Platform Requirements Data Storage Backup & Requirements Applications Requirements Data Communication s Requirements User Desktop Requirements Data Center Copyright 2004 Turning Point Solutions Statistics to Ponder • What Does the Plan Cover? • 23% - Do not cover all essential data center functions. • 20% - Include recovery of the desktop environment • 15% - include IT recovery for remote offices Veritas Study 2003 • Where is Your Plan Kept? • 62% - The company's main data center • 20% - Company building away from data center • 15% - Off-site at a third party's secure location • 5% - Don’t Know Veritas Study 2003 Copyright 2004 Turning Point Solutions Organizing & Developing The Plan Ensure that Facultative and Administrative Requirements are Identified and Communicated IT Platform & Data Backup Requirements Review Data Backup and offsite Storage frequencies Establish Battleboxes and send them offsite Meet with IT to work recovery objectives and Requirements Special Requirements/Protection for Research Programs Student Requirements Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis Organizing Communications Copyright 2004 Turning Point Solutions Statistics to Ponder • How Many Employees are involved in Plan Development & Maintenance? • • • • 48% 29% 16% 11% - Less than 10 10-50 More than 100 50-100 Strohl Systems Survey May 2003 • Is the Employees DR/BCP Plan Awareness & Training Program Sufficient? • 75% - No • 26% - Yes CPM/KPMG Study 2002 Copyright 2004 Turning Point Solutions Statistics to Ponder • During Call Tree Tests only 60% of the primary people on call lists are successfully contacted Composite of Actual Test Results TPS • What Is the Extent of Your organization’s reliance on 3rd party service providers? • 39% - Moderate Use • 35% - Minor Use • 20% - Significant Use • 6% - No use CPM/KPMG Study 2002 Copyright 2004 Turning Point Solutions Organizing Communications Develop an Effective Internal & External Emergency Management Organization Incident Response Team (IRT) (Include: Facilities, Security, Key IT Support & Municipal Authorities) Operations Emergency Management Team (Include: Facilities, Security, Key IT Support & Key Faculty & Admin Owners) External Recovery Support Teams IT Support Recovery Teams Faculty & Administrative Support Teams Executive Emergency Management Team (Include: SVPs, etc) Students & Families Copyright 2004 Turning Point Solutions Organizing Communications Identify the roles and requirements of all internal and external Groups involved Identify 3rd party vendors supporting applications software and other critical IT components Examine SLAs for emergency response provisions Conduct recovery walkthroughs and tests with 3rd party support vendors Include 3rd party vendor contact information in the emergency contact section of the plan Copyright 2004 Turning Point Solutions Organizing Communications Ensure that systems and networking infrastructure recovery requirements and strategies are included Identify dial access requirements Establish network recovery strategies for remote offices, branches, vendor and customer links Establish a conference bridge phone line to conduct assessment, decision making and status review meetings Establish a Emergency Status Information line to publish recorded recovery status messages for staff and employees Copyright 2004 Turning Point Solutions Organizing Communications Establish Connections with Emergency Management Agencies NEDRIX Notify MEMA ESF18 Establish Credentials to Identify Essential Employees CEAS/BNET-NE (Boston Approved, State considering it, Cambridge just starting to organize) Copyright 2004 Turning Point Solutions Organizing Communications Establish Connections with Local Media Provide names of contact person to keep on file Establish 3 Emergency Operations Center locations One in the building One in building nearby One at recovery site Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis Maintaining & Testing The Plan Copyright 2004 Turning Point Solutions Maintaining & Testing The Plan Establish policies and guidelines to foster a culture where recovery planning and plan maintenance are part of the standard process Include DR planning review in all business related projects (acquisitions, reorgs, new customers, etc.) Include DR planning review in the change control process and enforce it Include DR planning review in the systems development life cycle Include DR planning/requirements expense in all project budgets Copyright 2004 Turning Point Solutions Maintaining & Testing The Plan Fostering a DR Planning Culture (continued) Add DR planning objectives and responsibilities to job descriptions and performance appraisals Train the Auditors Copyright 2004 Turning Point Solutions Maintaining & Testing The Plan Promote awareness of the plan Meet with marketing and public relations to relate selling points of the program Conduct annual internal seminars for business and IT teams to meet and learn facets of the plan Include plan reviews in Staff meetings Make DR part of the standard ongoing tasks/projects review at all staff meetings and activity reports Copyright 2004 Turning Point Solutions Statistics to Ponder • What About Testing? • 24% - Companies that do not test • 34% - US Companies the do not test • 48% - Said they don’t have time Veritas Study 2003 Copyright 2004 Turning Point Solutions Maintaining & Testing The Plan Make testing a continual program in all parts of the organization Develop test schedules for all critical IT components Conduct integrated testing wherever possible Include business units in testing Include offsite storage inventory reviews as part of the testing program Make call tree tests part of the program Copyright 2004 Turning Point Solutions Maintaining & Testing The Plan Testing (continued) Use plan testing as a means for training, validating and updating plans Expand testing objectives beyond the data center Test to validate recoverability. Test reporting should identify results, issues and next steps. Copyright 2004 Turning Point Solutions Be Ready when opportunity comes. Luck is the time when preparation and opportunity meet. Roy D. Chapin Jr. Copyright 2004 Turning Point Solutions Questions?????????????? Copyright 2004 Turning Point Solutions