Performance/Capacity
BC Components
Disaster Recovery Business Recovery Business Resumption Contingency Planning
Objective
Mission-critical applications
External event
Focus
Deliverable
Sample Event(s)
Sample Solution
Crisis Management
Risk Reduction
Catalysts
Awareness Programs
Fiduciary Responsibility
Detection
Prevention/Planning
Incident Response
Investigation
Evidence
Legal Action
System Architecture
Assess risks of new technology products; Identify secure infrastructure requirements; Identify secure administrative requirements; Establish security responsibilities and service-level regulations; Identify BC/DR strategies; Establish security test strategy
System Design
Translate security architecture to detailed security infrastructure design; Develop security baselines for new technologies/products; Develop detailed security admin. design; Develop detailed BCP/DR design/strategy; Develop draft SLAs; Develop security test plan
Construct
Build/code security infrastructure environment and processes; Build/code security admin. environment, roles/profiles and processes; Build BCP/DR environment, plans and processes; Build/code security test plan, processes, scripts and test environment
Test
Implement
Post Implement
Train secure administrative, operations, business unit, staff...; Implement secure administrative roles/profiles; Implement business/continuity DR environment
Turn over secure application infrastructure to production; Identify security noncompliance issues; Identify new security exposures; Test BCP/DR plans to ensure that RTO/RPO is attainable
Identify changes to tested env.; Finalize secure admin. env. and processes; Finalize security infrastructure environment and processes; Finalize BCP/DR env., plans and processes; Assess SLA accuracy; Finalize risk acceptance with business; Ensure that info. security policies are current
Business Continuity Mgr. Business continuity Business Operations Continuity strategy/design Architecture and Audit Design Security Incident identification/response IT IT Recovery management design Information Security IT Operations
Business Operations
Information Security
Legal/Compliance
HR / Public Relations
Problem Resolution
Risk Management
Business Continuity
Information Security
IT Technical Support
IT Applications Support
Vendors/OSPs/Third Parties
Legal/Compliance
Public Relations
BCP Phase Impact Analysis Risk Analysis Strategy Resources Committed Last Tested
Change Mgmt.
Last Major Review Workable Solution Audit
Revenue recognition; Cash flow; Lost discounts (A/P); Payment guarantees; Credit rating; Stock price
Know your downtime costs per hour, day, two days...
Other Expenses Temporary employees, equipment rental, overtime costs, extra shipping costs, travel expenses...
Transaction Replication
Database Clusters
Database Replication
Examples
EMC SRDF, Compaq DRM, IBM PPRC and XRC, HDS HARC and HRC
Quest Shareplex, Oracle Standby Database, ENET RRDF, SQL Server 2000
Legato Octopus, NSI Doubletake, Veritas SRVM
Typically implemented with message-queuing middleware
Application-based replication
Emerging Technologies/Services
Capacity on demand/emergency back-up
Tape Backup/Archival
Operational Site
HighAvailabilityBased Service Warm Site and Mobile Recovery Quick Ship 2000
Warm Site and Mobile Recovery
What's new: Full-service Web-hosting with BC designed in, multisite infrastructures for continuous availability, Web site and network throttling for performance
Contract Terms
Include early-termination conditions. Agree to a buy-out schedule.
Miscellaneous
Understand the right of access: first come, first served or shared. Check syndication levels, risk exposures and exclusion zones. Touch the equipment. Visit the recovery center.