Disaster Recovery and Business Continuity Planning Jane Holmes
Disaster Recovery and Business Continuity Planning Jane Holmes, CPP Director, US Payroll Meggitt USA
Agenda Title u Disaster Recovery vs. Business Continuity u Key Components to Disaster Recovery & Business Continuity u Comprehensive Business Continuity u Business Continuity Planning Cycle u Business Continuity Recovery Plan u Payroll Business Continuity Recovery Plan 2 2
Disaster Recovery vs. Title Business Continuity u Disaster Recovery focuses on the plan to reestablish operations by protecting the “Tools” of the business… • Systems and Hardware • Data integrity and back-up • Facilities and security • Data Flow • People resources and documentation 3 3
Disaster Recovery vs. Title Business Continuity u. Business Continuity keeps the business running during a disaster… • Provides the location to perform work • Enables staff to resume work or provide for substitutes • Enables systems and hardware to be deployed or interim solutions placed in operation • Completes the functions of the payroll department 4 4
Types of Disasters Title u Catastrophic climate or geological events u Pandemics u Fires, including arson u Terrorist attacks or instances involving significant destruction of property u Labor walkouts or strikes u Security breaches and computer attacks u System failures 5 5
Disasters. Title in the News u Australia/New Zealand u Chile u Japan u East Coast Whiteout u Mid-west Tornadoes & Flooding u Egypt u Other political challenges throughout Middle East and Africa 6 6
2011 Federal Disaster/ Title Emergency Declarations u Federal Disaster/Emergency Declarations thru July 2011 Winter Storms, Flooding, and Debris and Mud Flows CA, OR, UT, WA Severe Winter Storm and Snowstorm CT, IL, MA, MO (2), NJ, NM, NY, ND, OK (2), WI Severe Storms And Flooding IL, ME, MN, MT, NH, OK, PA, VT (2) Tsunami Wave Surge CA, HI, OR Severe Storms, Tornadoes, and Flooding AR (2), KY (2), MN, MO, NC, TN Severe Storms, Tornadoes, Straight-line Winds, & Flooding AL, GA, IN, KS, MS, NY, OK, TN (4) Severe Storms, Tornadoes, and Straight-line Winds AL, IA, MN, OK Flooding IA, KS, LA, MS (2), MO, NE, ND (2), SD, TN Flooding, Landsides, and Mudslides ID, PR, WY Ice Jam and Flooding AK Wildfires TX Total Declared Disasters & Emergencies 69 (38 states & Puerto Rico) http: //www. fema. gov/news/disasters. fema? year=2011 Fire Management Assistance Declarations (85) AK, AZ (3), CO (3), FL, GA (4), KS, NE, NC, NM (8), OK (17), TX (43), VA (2) 7 7
Pandemics Title- H 1 N 1 u April 2009 – Start of the H 1 N 1 virus u Over 67 million cases reported thru 12/09 u 6/23/10 – CDC declares virus expired u 8/10/10 – WHO declares global concern over u CDC & other health organizations believe there will be instances of flu for years to come u Survey of Fortune 200 companies report most have taken some action to prepare 8 8
Why It Is Important Title to Plan u. Disruptions, even minor ones, can have serious impact u. Missed or late payrolls • Potential federal, state, and local violations • Contractual breach – unions • Employee morale and productivity u. Late third party payments u. Late tax and regulatory filing u. Late posting of General ledger data 9 9
Key Components to Title Disaster Recovery u Create Comprehensive Recovery Plans u Identify communication vehicles and how they will be utilized u Involve Senior Leadership immediately u Establish government, civil authority, and private sector contacts before an event occurs u Ensure plan is communicated to team 10 10
Key Components to Title Disaster Recovery u. Emergency Management: Able to continue critical business processes within a predetermined period following a disaster or other business interruption u. Continuity Planning: Able to resume normal business processes within a predetermined period following a disaster or other business interruption 11 11
Comprehensive Title Business Continuity Lead the enterprise in all aspects of emergency management as well as developing a comprehensive plan to respond to a crisis INITIATE THE PROJECT ANALYZE BUSINESS FUNCTIONS DEVELOP STRATEGY AND MITIGATION BUILD PLAN TEST, EDUCATE, & MAINTAIN PREVENT ______ Disaster Recovery Planning RESPOND ______ Emergency Management RECOVER ______ RESTORE ______ RESUME 12 12
Payroll Business Title Continuity Team u Include functional subject matter experts and project management resources u BCT should include representatives from: • • Business Continuity (Lead) Human Resources / Payroll Benefits / Compensation Legal / Public Affairs Finance / Treasury Communications Operations 13 13
RTO/RPO in Business Continuity Title Planning u RTO (Recovery Time Objective) – Amount of time it takes to recover from a disaster event • Payroll application failure recovery time drives solution and back up • Be conservative - assume system is down the day before payroll runs – what do you need? • Alternatives – file for check printing, paper check manual process, etc. 14 14
RTO/RPO in Business Continuity Title Planning u RPO (Recovery Point Objective) – The amount of data, measured in time, that can be lost in a disaster • Consider if there is a means to reconstruct the lost data • Need to look at what risks you will bear for the costs 15 15
Business Impact Title Analysis u. Foundation for business continuity planning programs • Identify departmental business processes and potential impacts due to an interruption • Identify external resources that may impact your business • Link these processes to the key functions necessary to support organization 16 16
Business Impact Title Analysis u. Foundation for business continuity planning programs • Determine Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) based on their corresponding functions • Realize the current state of recovery preparedness and established workarounds • Evaluate recovery resource requirements 17 17
Risk Assessment Title Process u. Interview senior management about enterprise risks and vulnerabilities u. Conduct formal risk assessment survey with key employees u. Score risk scenarios on probability and severity u. Consider options for each scenario – mitigate, plan and accept 18 18
Business Recovery Title Strategy u. Identify Business Functions, RTOs, & RPOs u. Determine IT Network and System Requirements for current and future years u. Design a Displacement Strategy u. Educate Business Units on roles and responsibilities to build plans u. Maintain & Exercise Business Recovery Plans 19 19
Business Continuity Title Recovery Scenarios u. Disaster – Event which renders company’s facility unusable or inaccessible for a period of time estimated to exceed “xx” calendar days u. Worst-Case Interruption – Company’s facilities are totally unusable or inaccessible and there is no salvageable equipment, data, documentation, etc. 20 20
Business Continuity Title Recovery Scenarios u. Less-Severe Interruption – Ability to resume operations because of the plan identification structure for each time-sensitive operation, information system & support area u. Localized Emergency – Equipment vendors & local utility companies able to replace computer & communications hardware & telephone circuits in “xx” calendar days 21 21
Business Continuity Title Recovery Components u Documentation Files – Business documentation and necessary files for resumption/recovery purposes are backed up and stored or located off-site and/or electronically imaged u Computer Files – Required to implement resumption of Mainframe, WAN & PC/LAN operating environments, and/or support timesensitive business operations are backed up, & rotated & retained off-site for a pre-determined period of time 22 22
Business Continuity Title Recovery Components u. Backup Storage Locations – Backup items for resumption/recovery stored on/off-site or quickly obtained or created from other identified sources u. Internal and External Contacts – Information necessary to quickly complete internal/external contacts required during resumption is documented and maintained in plan 23 23
Business Continuity Title Recovery Components u Cloud Computing Applications hosted by vendor in the “cloud” are accessed through the internet along with data files 24 24
Business Continuity Title Recovery Components u. Resumption Time Frames – Time frame in which time-sensitive business operation and computer and application systems must be made current and available set by company at a maximum of “xx” calendar days 25 25
Business Continuity Recovery Title External Stakeholders u. Bank for ACH files u. Tax authorities – federal, state, local u. Benefit providers – health, 401(k), etc. u. Third-party vendors – outsource providers u. Distribution vendors – printing and distribution u. Union organizations 26 26
Business Continuity Recovery Title System Interfaces u. Time and attendance application u. Payroll application / ERP u. Benefits application u. Accounting system u. Banking application u. Tax application u. ESS/MSS application u. Data repository 27 27
Business Continuity Title Recovery Components u Communication devices to feed various forms of communications receipt • Home/Cell Phone – off-duty and emergency response personnel (include “text” messaging) • Work Phone – emergency response on duty • Pager – (alphanumeric/digital/voice) on-call personnel • Fax Machine – transmit forms/reports to remote locations • Printer – document notification responses/reports 28 28
Payroll Business Continuity Title Recovery – In Action u. Step 1 – Senior Payroll Mgmt meet at disaster recovery site to identify: • Known impacts of disaster & determine action plan • Expected timeline of displacement of employees & system outages • Projected impacts to payroll processing 29 29
Payroll Business Continuity Title Recovery – In Action u. Step 1 (cont. ) – Senior Payroll Mgmt meet at disaster recovery site to identify: • Availability of internal and external resources • Establish communication channels & communicate plan to supervisors & activate phone tree • Confirm available equipment and supplies 30 30
Payroll Business Continuity Title Recovery – In Action u. Step 2 – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s) • • • Setup work spaces, resolve issues with equipment Create shift schedules and confirm staffing roles Set initial plan for following 2 weeks Evaluate employee “assistance plan” needs Confirm sufficient resources for those who will work from home or alternate location 31 31
Payroll Business Continuity Title Recovery – In Action u. Step 2 (cont. ) – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s) • Prepare communication to employees and plan for updates • Establish ongoing communication with employees and system support u. Step 3 – Continue deployment as per plan 32 32
Payroll Business Continuity Title Recovery Planning u. Building the plan • Create a Disaster Recovery Plan binder • Establish approval process to initiate all security access to senior payroll operations • Include system support analysts on phone tree • Define the risks and plan for mitigation and response • Store off-site supplies critical to complete payroll processing 33 33
Payroll Business Continuity Title Recovery Planning u. Building the plan • Inventory and identify critical supplies and equipment for payroll processing • Ensure your plan includes third-party vendors and suppliers with points of contact • Identify the three components of your operations – input, process, and output 34 34
Input, Process, Titleand Output u. Input u. Process u. Output • Setting up • Process data in application • Checks/advices employee income • Validate payroll data • Third party payments and deduction • Bank transfer processing • Tax returns and payments records • Pay adjustments • Validate general ledger • Files for internal data organizations • Time data • Calculate gross to net • Files for external • Tax records • Generate tax deposits and organizations filing • Reconciliations • Reports (internal and external) 35 35
What Makes an Effective Title Disaster Recovery Plan u. Involve All the Pertinent Groups u. Make an Assessment of Needs and Resources u. Plan, Test and Plan u. Communicate, Communicate and Communicate u. Review on a Regular Basis 36 36
Thank you
- Slides: 37