Transcript Document
Establishing
Lines Of Communication
Before a Crisis
Copyright 2004 Turning Point Solutions
Establishing Lines Of
Communication Before a Crisis
Organizing & Developing The Plan
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• Who Owns BCP In Your Organization?
• 43% - Information Technology
• 33% - Corporate/General Management
• 8% - Risk Management
• 6% - Facilities Management
• 5% - Information Security
• 5% - Other
CPM/KPMG Study 2002
•
•
•
•
•
•
37% - Information Technology
22% - BCP Department
15% - Other
12% - Risk Management
7% - Security
5% - Financial
Strohl Systems Survey May 2003
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• What Is Executive Sponsor’s Title?
•
•
•
•
•
•
28% - Vice President
23% - Other
16% - CIO
14% - CEO/President
8% - Manager
8% - CFO
Strohl Systems Survey May 2003
• Who Defines Recovery Strategies?
• 76% - Information Technology
• 5% - CEO
• 4% - Non-IT Management
Veritas Study 2003
Copyright 2004 Turning Point Solutions
Organizing & Developing The Plan
Make Planning Part of an Organization-Wide
Program
Obtain support at the highest levels of the
organization
Develop a Organization-Wide approach to recovery
planning & strategies
Identify and Include External Support Teams In
The Plan Organization
(Municipal Agencies, Vendors, Suppliers, Tech Support Orgs)
Copyright 2004 Turning Point Solutions
Organizing & Developing The Plan
Recovery requirements and strategies must include
the business perspective
Faculty & Administrative Units
Functional
Impact
Business
Impact
Business
Partners,
Students &
Families
Work-InProgress
Transaction
Processing
Application &
Desktop
Requirements
Recovery Time Objectives, Requirements, & Priorities
Processing
Platform
Requirements
Data Storage
Backup &
Requirements
Applications
Requirements
Data
Communication
s Requirements
User Desktop
Requirements
Data Center
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• What Does the Plan Cover?
• 23% - Do not cover all essential data center functions.
• 20% - Include recovery of the desktop environment
• 15% - include IT recovery for remote offices
Veritas Study 2003
• Where is Your Plan Kept?
• 62% - The company's main data center
• 20% - Company building away from data center
• 15% - Off-site at a third party's secure location
• 5% - Don’t Know
Veritas Study 2003
Copyright 2004 Turning Point Solutions
Organizing & Developing The Plan
Ensure that Facultative and Administrative
Requirements are Identified and Communicated
IT Platform & Data Backup Requirements
Review Data Backup and offsite Storage frequencies
Establish Battleboxes and send them offsite
Meet with IT to work recovery objectives and Requirements
Special Requirements/Protection for Research
Programs
Student Requirements
Copyright 2004 Turning Point Solutions
Establishing Lines Of
Communication Before a Crisis
Organizing Communications
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• How Many Employees are involved in Plan
Development & Maintenance?
•
•
•
•
48%
29%
16%
11%
-
Less than 10
10-50
More than 100
50-100
Strohl Systems Survey May 2003
• Is the Employees DR/BCP Plan Awareness & Training
Program Sufficient?
• 75% - No
• 26% - Yes
CPM/KPMG Study 2002
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• During Call Tree Tests only 60% of the primary
people on call lists are successfully contacted
Composite of Actual Test Results TPS
• What Is the Extent of Your organization’s reliance
on 3rd party service providers?
• 39% - Moderate Use
• 35% - Minor Use
• 20% - Significant Use
• 6% - No use
CPM/KPMG Study 2002
Copyright 2004 Turning Point Solutions
Organizing Communications
Develop an Effective Internal & External Emergency
Management Organization
Incident Response Team (IRT)
(Include: Facilities, Security, Key IT Support & Municipal
Authorities)
Operations Emergency Management Team
(Include: Facilities, Security, Key IT Support &
Key Faculty & Admin Owners)
External
Recovery
Support
Teams
IT Support
Recovery
Teams
Faculty &
Administrative
Support Teams
Executive
Emergency
Management
Team
(Include:
SVPs, etc)
Students
&
Families
Copyright 2004 Turning Point Solutions
Organizing Communications
Identify the roles and requirements of all internal and
external Groups involved
Identify 3rd party vendors supporting applications
software and other critical IT components
Examine SLAs for emergency response provisions
Conduct recovery walkthroughs and tests with 3rd
party support vendors
Include 3rd party vendor contact information in the
emergency contact section of the plan
Copyright 2004 Turning Point Solutions
Organizing Communications
Ensure that systems and networking infrastructure
recovery requirements and strategies are included
Identify dial access requirements
Establish network recovery strategies for remote
offices, branches, vendor and customer links
Establish a conference bridge phone line to conduct
assessment, decision making and status review meetings
Establish a Emergency Status Information line to
publish recorded recovery status messages for staff and
employees
Copyright 2004 Turning Point Solutions
Organizing Communications
Establish Connections with Emergency Management
Agencies
NEDRIX Notify
MEMA ESF18
Establish Credentials to Identify Essential Employees
CEAS/BNET-NE
(Boston Approved, State considering it,
Cambridge just starting to organize)
Copyright 2004 Turning Point Solutions
Organizing Communications
Establish Connections with Local Media
Provide names of contact person to keep on file
Establish 3 Emergency Operations Center locations
One in the building
One in building nearby
One at recovery site
Copyright 2004 Turning Point Solutions
Establishing Lines Of
Communication Before a Crisis
Maintaining & Testing The Plan
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Establish policies and guidelines to foster a culture
where recovery planning and plan maintenance are
part of the standard process
Include DR planning review in all business related
projects (acquisitions, reorgs, new customers, etc.)
Include DR planning review in the change control
process and enforce it
Include DR planning review in the systems
development life cycle
Include DR planning/requirements expense in all
project budgets
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Fostering a DR Planning Culture (continued)
Add DR planning objectives and responsibilities to
job descriptions and performance appraisals
Train the Auditors
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Promote awareness of the plan
Meet with marketing and public relations to relate
selling points of the program
Conduct annual internal seminars for business and
IT teams to meet and learn facets of the plan
Include plan reviews in Staff meetings
Make DR part of the standard ongoing
tasks/projects review at all staff meetings and
activity reports
Copyright 2004 Turning Point Solutions
Statistics to Ponder
• What About Testing?
• 24% - Companies that do not test
• 34% - US Companies the do not test
• 48% - Said they don’t have time
Veritas Study 2003
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Make testing a continual program in all parts of the
organization
Develop test schedules for all critical IT
components
Conduct integrated testing wherever possible
Include business units in testing
Include offsite storage inventory reviews as part of
the testing program
Make call tree tests part of the program
Copyright 2004 Turning Point Solutions
Maintaining & Testing The Plan
Testing (continued)
Use plan testing as a means for training, validating
and updating plans
Expand testing objectives beyond the data center
Test to validate recoverability. Test reporting
should identify results, issues and next steps.
Copyright 2004 Turning Point Solutions
Be Ready when opportunity
comes.
Luck is the time when
preparation and opportunity
meet.
Roy D. Chapin Jr.
Copyright 2004 Turning Point Solutions
Questions??????????????
Copyright 2004 Turning Point Solutions