The document discusses business continuity planning (BCP) and outlines its phases. It notes that without BCP, businesses can face direct financial losses, lost revenue, productivity impacts, and reputational harm from downtime. The phases outlined include project initiation, conducting a business impact analysis to determine recovery objectives, developing recovery strategies, planning and testing the BCP, and ongoing maintenance through training and awareness.
The document discusses business continuity planning (BCP) and outlines its phases. It notes that without BCP, businesses can face direct financial losses, lost revenue, productivity impacts, and reputational harm from downtime. The phases outlined include project initiation, conducting a business impact analysis to determine recovery objectives, developing recovery strategies, planning and testing the BCP, and ongoing maintenance through training and awareness.
Original Description:
Business Continuity Planning Services offered by CIOassist Technologies, India
The document discusses business continuity planning (BCP) and outlines its phases. It notes that without BCP, businesses can face direct financial losses, lost revenue, productivity impacts, and reputational harm from downtime. The phases outlined include project initiation, conducting a business impact analysis to determine recovery objectives, developing recovery strategies, planning and testing the BCP, and ongoing maintenance through training and awareness.
The document discusses business continuity planning (BCP) and outlines its phases. It notes that without BCP, businesses can face direct financial losses, lost revenue, productivity impacts, and reputational harm from downtime. The phases outlined include project initiation, conducting a business impact analysis to determine recovery objectives, developing recovery strategies, planning and testing the BCP, and ongoing maintenance through training and awareness.
Business Continuity Planning Our Offering CIOassist Technologies (www.cioassist.in) rajesh.bhatia@cioassist.in Why Business Continuity?
REVENUE Direct Loss Deferred Losses Compensatory Payments Lost Future Revenue Billing Losses Investment Losses FINANCIAL PERFORMANCE Lost Market Share Revenue Recognition Cash Flow Lost Discounts Payment Guarantees Stock Price Credit Rating
OTHER EXPENSES Temporary employees, Equipment Rental, Overtime, Extra Shipping Costs, Travel Expenses, Etc. REPUTATION Customers Suppliers Financial Markets Banks Business Partners Etc. PRODUCTIVITY Loss Of Productivity Employees Impacted @ X Burdened Hourly Rate LEGAL/REGULATORY Contractual Requirements SLAs Regulatory Requirements
The Cost of Downtime BCP Phases Project Management and Intonation Conduct Business Impact Analysis Develop Recovery Strategies Plan, Design and Development Testing, maintenance, awareness and training
BCP Is an on-going process, not a project with a beginning and an end
Testing Maintenance Awareness Training 5 Plan, Design and Development 4 1 Project Initiation: Understand Your Business 3 Develop Strategies for Supply & Technology Recovery Data Recovery 2 Conduct Business Impact Analysis to identify Recovery Point (RPO) Service Delivery (SDO) Recover Time (RTO) Maximum Tolerable Outage (MTO) BCP BCP Phases Developing and approval of BCP policy Define BCP committee operational units representatives senior management IT security IT specialized experts, and optionally support units like (technical affairs) Define BCP project scope and objectives Provide the necessary project funds and resourses Project Initiation Business Impact Analysis Collect data through interviews, survey, documenting business functions, transactions, activities Develop hierarchy of business functions and apply a classification scheme to indicate each individual functions criticality level. Identify the resources that these functions depend upon Calculate Maximum Tolerable Outage (MTO) for these functions Identify vulnerabilities and threats to these functions Calculate risk for each different business function Document findings and report them to management
Business Impact Analysis Recovery Time Objective (RTO): Time duration organization can wait between point of failure and service resumption Service Delivery Objective (SDO): Level of service in Alternate Mode Maximum Tolerable Outage: Max time in Alternate Mode Regular Service Alternate Mode Regular Service RTO Maximum Tolerable Outage SDO Interruption Time Disaster Recovery Plan Implemented Restoration Plan Implemented Business Impact Analysis
How far back can you fail to? How long can you operate without a system? One weeks worth of data? Which services can last how long? I n t e r r u p t i o n
1 1 1 Hour Day Week Recovery Point Objective Recovery Time Objective I n t e r r u p t i o n
1 1 1 Week Day Hour Business Impact Analysis
Move to Alternate Site Return Home Resume Business Data Synchronization Restore Technology Capability Restore Communications Restore Business Functions Notifications Vital Records Lost Data Data Recovery Objective Recovery Time Objective (If necessary) High Level Look at a Recovery Effort Recovery strategies Supply and technology recovery Network and computer equipment Voice and data communications resources Human resources Transportation of equipment and personnel Environment issues (HVAC) Data and personnel security issues Supplies (paper, forms, cabling, and so on) Documentation Data recovery Restoring Backed-up data
Recovery Strategies
Cost Time Service Downtime Alternative Recovery Strategies Optimum Cost * Hot Site * Warm Site * Cold Site Identifying the Optimum Strategy Recovery strategies Business process recovery Facility recovery
Site Cost Hardware Equipment Telecommunications Setup Time Location Cold Site Low None None Long Fixed Warm Site Medium Partial Partial/Full Medium Fixed Hot Site Medium/High Full Full Short Fixed Mobile Site High Dependent Dependent Dependent Not Fixed Mirrored Site High Full Full None Fixed Plan Design and Development All finding and decisions to be developed and documented. Submission of document for approval Define execution procedure(s) for the plan.
Testing, maintenance, awareness and training Validating that decisions are suitable and correct by performing Checklist Test Structured Walk-Through Test Simulation Test Parallel Test Full-Interruption Test Maintaining the plan Make business continuity a part of every business decision Insert the maintenance responsibilities into job descriptions Perform internal audits that include disaster recovery and continuity documentation and procedures to update the plan. Integrate the BCP into the change management process Training and awareness programs are an integral part of the BCP process
BCP Is an on-going process, not a project with a beginning and an end