Building a Solid Business Continuity Program
Michael Emerson, Senior Manager, Security and IT Operations
“By failing to plan, you are planning to fail” - Albert Einstein
January 23-26, 2007 • Ft. Lauderdale, Florida

Business Continuity Program Phases
• Phase 1 – Project Initiation
• Phase 2 – Business Impact Analysis
• Phase 3 – Continuity Strategies
• Phase 4 – Plan Development
• Phase 5 – Maintenance, Testing and Audit

Phase 1 – Project Initiation
• Develop a Business Continuity Steering Committee
• Define the Program Scope
  – Timelines
  – Sites
  – Business Units
  – Key Processes
  – BC/DR Policies and Procedures

Phase 1 – Project Initiation
• Planning Methodology
• Worst case scenario
  – Anything less becomes a subset
• Avoid specific scenario planning unless risk assessment warrants activity
• Develop an Activity Log

Worst Case Scenario Planning
When planning for Business Continuity… always plan for the worst and the unexpected

Worst Case Scenario Planning
Damages from Hurricane Ernesto…

Scenario Planning Unexpected Disaster Phase 1 Pre Declaration Assessment

Hurricane Timeline and Phases
Landfall Monitoring Named Storm Level 1 Activation Stand Down Assessment Decision Declare Or Resume Bus.

Phase 1 – Team Structures
• Develop Team Structures
  – Core Business Continuity Team
  – Emergency Response Team
  – Business Unit Teams
  – Disaster Recovery Team
• Role Based Team Structure
• Best and Brightest People

Team Breakdown
• Emergency Management Team
• Communications Team
• Campus Response Team
• Business Readiness Team
• Business Unit Teams

Phase 2 - Business Impact Analysis
• The BIA is the initial step in Business Continuity planning, from which the whole BCP program is built.
• Provides the data from which appropriate continuity strategies can be determined
• Ranks core business activities
  – Grades activities by financial and non-financial impact
  – Determines interdependencies
  – Defines recovery time objectives
  – Defines process, people, equipment and IT systems needed to meet continuity objectives

Phase 3 – Develop Strategies
• Hardened, carrier rich Corporate Datacenter
• Fully online DR datacenter
• Fail-over is automated where it makes sense and a single manual step when necessary
• Users continue to do the exact same things when the systems are failed over.

Phase 4 - Plan Development
• Business Continuity Team Plans
  – Emergency Management Plans
  – Business Unit Plans
  – Disaster Recovery Plans
  – Change Management
• Define Plan Ownership
• Maintenance Policy
• Disaster Recovery
  – Change Management
  – Project Lifecycle
  – Records Retention

Phase 5 – Maintenance, Testing & Audit
• Disaster Recovery Testing
• Tabletop Exercises
• Local Authorities
• Outside Auditors
• Awareness
• PRACTICE AS IF YOU WERE PERFORMING

Closing Statements
• Business Partnership
• Frequent Business Continuity Meetings
  – Steering Committee
  – Awareness Programs
• Disaster Recovery Strategies
  – Incorporate into daily production processes
• Work
  – Something you do, not someplace you go!