
Disaster Recovery and Business Continuity

IT Risk Management and Audit


Outline
• Disaster Recovery
• Business continuity
Learning Outcome
• LO2: Describe the characteristics of various techniques of
IT Risk Management and Auditing and understand how
each of them works.
• LO3: Apply relevant frameworks/techniques of IT Risk
Management and Auditing according to individual
cases/problems and perform evaluation.
• LO4: Analyse the results obtained from frameworks/
techniques of IT Risk Management and Auditing from
several perspectives and be able to provide suggestions to
improve the system performance.
• LO5: Propose business continuity plan and IT auditing
that can mitigate the IT infrastructure disruptions.
INTRODUCTION
CONTINGENCY PLANNING (CP)
• Incident response planning
• Disaster recovery planning
• Business continuity planning
INTRODUCTION CONTINGENCY
PLANNING (CP)
• General stages
INTRODUCTION CONTINGENCY
PLANNING
• CONTINGENCY PLANNING TIMELINE
Introduction
• An organization should operate on the premise
that it is only a matter of time until a disaster
strikes
• Proper response to a disaster requires
meticulous preparation and ongoing diligence
• In the event of a total loss, an organization must
be prepared to promptly reestablish operations
at a new permanent location

Bina Nusantara
Introduction
• The compelling need for DR contingency plans is documented
by industry reports:
• Over 90 percent of those organizations experiencing disruption
at a data center lasting 10 days or longer were forced into
bankruptcy within one year.
• Over 40 percent of companies that experience a disaster never
reopen.
• Nearly 30 percent of companies that experience a disaster fail
within 2 years.
• Downtime as a function of labor exposes large organizations to
an average loss of over $1 million per hour.
• Service interruptions cause average revenue losses of $60,000
to $250,000 per minute
Facing Key Challenges

• Disasters are not confined to the IT department
or limited to the assets of the organization
• Disasters may also affect the community and
employees personally, as well as vendors and
suppliers
• In a major or widespread disaster, there may be
challenges associated with local emergency
services, service providers, and other non-business
issues
Facing Key Challenges (continued)
• Areas possibly affected in a major disaster:
– Basic emergency and transportation services
– Food and survival supplies
– Water supplies and sanitation
– Electrical power
– Products and services delivered by vendors and
suppliers
– Telecommunications services (land and cellular)
– Transportation services (freeways, highways, and
local streets)
Facing Key Challenges (continued)
• Disasters can be classified by cause:
– Man-made: war, terrorism, cyberterrorism,
etc.
– Natural: fire, flood, earthquake, hurricane,
lightning, tornado, etc.
• Disasters can be classified by speed of
development:
– Rapid onset: occur suddenly with little
warning
– Slow onset: occur over time and deteriorate
the capacity of the organization to withstand
Facing Key Challenges (continued)
• Major disaster can result in:
– Declaration of state of emergency
– Imposition of martial law
– Restrictions on movement or quarantines
• DR plan typically involves 5 phases:
– Preparation
– Response
– Recovery
– Resumption
– Restoration

DISASTER RECOVERY PLAN PHASE

• PLANNING PHASE
• The planning and rehearsal necessary to respond to a
disaster
• RESPONSE PHASE
• The identification of a disaster, notification of appropriate individuals, and
immediate reaction to the disaster
• RECOVERY PHASE
• The recovery of necessary business information and systems
• RESUMPTION PHASE
• The restoration of critical business functions
• RESTORATION PHASE
• The reestablishment of operations at the primary site, as they were before
the disaster
Preparation: Training the DR Team
and the Users
• In DR planning, there is no prevention phase
• Take steps during preparation to minimize losses
• Preparation: making an organization ready for possible
contingencies that escalate to disaster
• Preparation phase is continuous, but other phases are
activated by triggers such as:
– Management notification
– Employee notification
– Emergency management notification
– Local emergency services
– Media outlets
Disaster Recovery Planning as Preparation

• 3 primary objectives of the DR plan:


– Eliminate or reduce potential for injuries or loss of life, damage to
facilities, and loss of assets and records to minimize disruption and
financial loss and reduce or limit liability exposure
– Stabilize the effects of the disaster to allow recovery efforts to begin
– Implement DR procedures

Disaster Recovery Planning as
Preparation (continued)
• Recovery efforts must be prioritized as follows:
– Employees
– Customers
– Facilities
– Assets
– Records
• CP team creates scenario development and
impact analysis, and categorizes the level of
threat for each potential disaster
Disaster Recovery Planning as
Preparation (continued)
• Key features of the DR plan:
– Clear delegation of roles and responsibilities
– Execution of the alert roster and notification of key
personnel
– Use of employee check-in systems
– Clear establishment and communication of
business resumption priorities
– Complete and timely documentation of the disaster
– Preparations for alternative implementations
Disaster Recovery Planning as Preparation
(continued)
• All employees should have 2 types of emergency information in
possession at all times:
– Personal emergency information (who to notify)
– Instructions on what to do in the event of an emergency (snapshot of
the DR plan)
• Emergency info should include contact number or hotline for the
organization, emergency services numbers, evacuation and
assembly locations, disaster recovery coordinator, etc.
• Crisis management: focused steps that deal with safety of people
who are involved in the disaster

DR Training and Awareness

• DR training focuses on the roles each individual is
expected to execute during an actual disaster
• For most employees, training is limited to awareness
• General job function training is key to being prepared
for disaster recovery actions
• Cross-training should also be considered, both
vertically and horizontally, to deal with personnel
shortages
• Training should include operating in degraded mode
DR Training and Awareness (continued)

• Disaster management team (command and control group)
training is primarily about communication
• Communications team training involves preparing information
notices, news releases, and internal memorandums and
directives
• Hardware recovery team training may include training to rebuild
damaged systems by scavenging from other damaged systems

DR Training and Awareness
(continued)
• Systems recovery team training is mostly the
same as their normal operations training
• Network recovery team training may include
wireless network installation as a quick recovery
mechanism, walkie-talkie deployment, and other
connectivity mechanisms
• Storage recovery team training may include
rebuilding damaged storage systems and
recovering data from offsite
DR Training and Awareness (continued)
• Applications recovery team training primarily consists of skills
used in normal operations
• Data management team training focuses on rapid data restoration
and recovery from backup
• Vendor contact team training focuses on methods of obtaining
resources as quickly as possible
• Damage assessment and salvage team training primarily consists
of hardware repair skills that enable team members to determine
if items are repairable or not

DR Training and Awareness
(continued)
• Business interface team training includes
communication skills and mechanisms for
assisting with routine needs
• Logistics team training includes training in
purchasing and procurement and providing rest
and comfort for other workers

DR Plan Testing and Rehearsal
• Testing of the plan and the training and rehearsal of the plan
can overlap
• Testing can involve several levels of assessment:
– Employee self-assessments
– Peer evaluations
– Formally appointed internal assessors
– External certification or accreditation groups
• Classroom training should come first before actual rehearsals

DR Plan Testing and Rehearsal
(continued)
• Testing strategies include:
– DR plan desk check: individual review of plan
– DR plan structured walk-through: group exercise
– DR plan simulation: each individual works independently
– DR plan parallel testing: act as if the disaster had occurred but do not
interfere with normal operations
– DR plan full interruption: act as if disaster had occurred, and perform
all steps including data recovery
– DR plan war gaming: few tools available for this in the private sector

Rehearsal and Testing of the Alert
Roster
• Alert roster must be tested more often than other plan
components due to employee turnover
• Quarterly testing is recommended
• Alert message contains just enough information to allow
employees to determine which part of the DR plan to
implement
• Auxiliary phone alert and reporting system: automated
system for activating the alert roster
• You are never completely ready for a disaster
• Key skills to retain from rehearsals are flexibility, decisive
decision making, and professionalism

Disaster Response Phase
• Response phase: the phase associated with
implementing the reaction to a disaster
• Response phase focuses on controlling or
stabilizing the situation for the purposes of:
– Protecting human life and well-being
– Limiting or containing damage to facilities and
equipment
– Managing communications with employees and other
stakeholders
Recovery Phase
• Recovery phase:
– Initiates the recovery of the most time-critical business
functions
– Focuses on getting up and running as quickly as possible,
even in degraded mode; less critical operations must wait
for the resumption phase
• Primary goals of the recovery phase:
– Recover critical business functions
– Coordinate recovery efforts
– Acquire resources to replace damaged or destroyed
equipment or materials
– Evaluate whether to implement the business continuity
plan
Recovery Phase
• Recovery Time Objective (RTO)
– “the maximum amount of time that a system
resource can remain unavailable before there is
an unacceptable impact on other system
resources, supported mission/business
processes, and the MTD (Maximum Tolerable
Downtime).” (NIST)

• Recovery Point Objective (RPO)


– the point in time, prior to a disruption or system outage,
to which mission/business process data can be
recovered (given the most recent backup copy of the
data) after an outage. (NIST)
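
The RTO, RPO and MTD definitions above can be checked against backup logs and rehearsal timings. The following Python sketch is an added example, not part of the original slides; the system names, timestamps, objectives and the `rehearsed_restore` field (restore time measured in a DR rehearsal) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SystemObjectives:
    name: str
    rpo: timedelta                # Recovery Point Objective
    rto: timedelta                # Recovery Time Objective
    mtd: timedelta                # Maximum Tolerable Downtime
    backups: list                 # completion times of successful backups
    rehearsed_restore: timedelta  # restore time from the last rehearsal (assumed input)


def recovery_point(backups, disruption):
    """Most recent backup completed at or before the disruption, else None."""
    usable = [b for b in backups if b <= disruption]
    return max(usable) if usable else None


def worst_case_gap(backups):
    """Longest interval between consecutive backups, else None."""
    ordered = sorted(backups)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=None)


def evaluate(system, disruption):
    """Return (code, detail) findings for one system and one disruption time."""
    findings = []
    point = recovery_point(system.backups, disruption)
    if point is None:
        findings.append(("NO_BACKUP", "no backup completed before the disruption"))
    elif disruption - point > system.rpo:
        findings.append(("RPO_EXCEEDED",
                         f"data loss window {disruption - point} > RPO {system.rpo}"))
    # The schedule itself must never leave a gap longer than the RPO,
    # even if this particular disruption happened to land close to a backup.
    gap = worst_case_gap(system.backups)
    if gap is not None and gap > system.rpo:
        findings.append(("SCHEDULE_GAP", f"backup gap {gap} > RPO {system.rpo}"))
    # Per the NIST definition, the RTO has to fit inside the MTD.
    if system.rto > system.mtd:
        findings.append(("RTO_OVER_MTD", f"RTO {system.rto} > MTD {system.mtd}"))
    if system.rehearsed_restore > system.rto:
        findings.append(("RESTORE_OVER_RTO",
                         f"rehearsed restore {system.rehearsed_restore} > RTO {system.rto}"))
    return findings


def t(day, hour):
    """Constructed timestamp helper: March 2024, given day and hour."""
    return datetime(2024, 3, day, hour)


H = timedelta(hours=1)
DISRUPTION = datetime(2024, 3, 5, 10, 40)  # constructed outage time

# Constructed sample inventory; the 09:00 payments-db backup is missing on purpose.
SYSTEMS = [
    SystemObjectives("payments-db", 1 * H, 4 * H, 8 * H,
                     [t(5, 6), t(5, 7), t(5, 8), t(5, 10)], 3 * H),
    SystemObjectives("file-share", 24 * H, 12 * H, 48 * H,
                     [t(3, 1), t(4, 1), t(5, 1)], 16 * H),
    SystemObjectives("crm", 4 * H, 6 * H, 8 * H,
                     [t(5, 2), t(5, 6)], 5 * H),
]

if __name__ == "__main__":
    for s in SYSTEMS:
        for code, detail in evaluate(s, DISRUPTION) or [("OK", "objectives met")]:
            print(f"{s.name:12} {code:17} {detail}")
```
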
Resumption Phase
• Resumption phase: focuses on non-critical
functions
• BIA (Business Impact Analysis) should guide in
the prioritization of critical and secondary
functions
• Goals of the resumption phase:
– Initiate implementation of secondary functions
– Finalize implementation of primary functions
– Identify additional needed resources
Restoration Phase
• Restoration phase: the final phase of disaster recovery
• Primary goals of restoration phase:
– Repair all damage to primary site or select or build a replacement
facility
– Replace damaged or destroyed contents of primary site including
supplies, equipment, and material
– Coordinate relocation from temporary offices to primary site or
suitable new replacement facility
– Restore normal operations at primary site, beginning with critical
functions, then secondary operations
– Stand down the DR team and conduct the after-action review

Repair or Replacement
• Two possibilities in restoration phase:
– Reestablish operations at primary site
– Establish operations at a new permanent site
• Reestablish operations at primary site:
– Must be able to rebuild damaged facilities
– May need to relocate administrative functions to provide space to the
operational functions while rebuilding is underway
• New permanent site options:
– New location
– Complete rebuild on site of destroyed facilities

Restoration of the Primary Site
• After physical facilities are rebuilt, the contents must be
replaced, including:
– Office furniture, PCs, photocopiers, filing systems, office supplies, etc.
• Must assess what will be covered by insurance and service
contracts

Relocation from Temporary Offices
• Transition back to the primary site must be
carefully coordinated to minimize additional
disruptions to business functions
• If data management functions must move, may
want to use a movement coordinator to plan the
relocation of personnel, equipment, materials,
and data back to the primary site

Resumption at the Primary Site
• Must reestablish all normal operations,
including tertiary operations that may have
been suspended due to relocation, such as:
– Managing employee benefit packages
– Employee training and awareness programs
– Organizational planning retreats and meetings
– Routine progress meetings and reports
– Long-term planning activities
– Research and development activities
Standing Down and the After-
Action Review
• Standing down: the deactivation of the disaster
recovery team, releasing individuals back to normal
duties
• After-action review provides a method for
management to obtain input and feedback from each
group represented in the team
• AAR log serves as legal and planning record and tool
for future training
• Official report should include AAR and reports from
individual teams
Summary
• An organization should operate on the premise that it is only a
matter of time until a disaster strikes
• 5 phases in the DR plan: preparation, response, recovery,
resumption, restoration
• Goals of DR and business resumption planning: eliminate or
reduce potential for injuries or loss of life, stabilize the effects
of the disaster, implement the DR plan based on type and
impact of disaster
• Recovery phase attempts to recover the most critical business
functions immediately

Summary (continued)
• Resumption focuses on the remaining
unrestored functions
• Restoration seeks to:
– Repair all damage to primary site or arrange a
replacement facility
– Replace all damaged or destroyed contents
– Coordinate relocation from temporary back to
primary site
– Restore normal operations at primary site
Outline
• Disaster Recovery
• Business continuity
Introduction
• BC plan is implemented when an organization
needs to get critical services back in action
• May take place at an alternate location if the DR
plan cannot restore the primary site operations

Implementing the BC Plan
• BC plan takes over when it is clear that the
organization cannot return to normal operations
at the primary site immediately
• Trigger point (or set point): predetermined state
that causes the BC plan implementation to begin
• Due to high costs, the organization should
ensure that the benefits of implementing the BC
plan justify its expenses
Implementing the BC Plan
(continued)
• BC plan implementation involves these steps:
– Preparation for BC actions
– Relocation to alternate site (first by advance team,
then main team, then the rest of the employees)
– Establishment of operations
– Return to the primary site or new permanent
alternate site

Preparation for BC Actions
• BC team’s functions will always be generally the
same, regardless of the type of disaster:
– Prepare to duplicate one or more of the
organization’s critical functions at an alternate site
• Planning and training encompasses the bulk of
the preparation activities
• Entire organization should be prepared for their
role in a BC operation
Preparation for BC Actions (continued)
• Generally impossible to prepare for all possible
contingencies, but a general training program can be
developed
• Command & Control (C&C) functions:
– Critical functions that are prepared for alternative
deployment
– Core administrative functions required to keep the company
operational for 90 days
• BC team should rehearse setting up one or more of the
critical functions at an alternate site
Preparation for BC Actions
(continued)
• C&C functions will likely include at least:
– Customer service
– IT operations
• All C&C functions may not be implementable at the same
alternate BC site
• Organization may be able to make changes in normal policies
and procedures that will improve the effectiveness of BC
preparation
• Remember that standard procedures for data backup must
continue at the alternate site to avoid additional disruptions

Preparation for BC Actions (continued)
• Additional preparations may include:
– Issuance of P-cards to designated BC team members
– Off-site storage of key forms in hard copy
• Advance preparation pays off in efficiency when the BC
plan must be implemented

Relocation to the Alternate Site
• First decision: whether essential functions
should be started at the alternate site
• Second decision: which services must be
available
• Next steps:
– Advance party is deployed to begin coordinating
the move
– Key service providers are notified
– Rest of the BC team moves to the site
– Needed supplies and materials are acquired
Relocation to the Alternate Site
(continued)
• Advance party should include members from
each of the BC subteams
– Management team: command and control group
– Operations team: works to establish core business
functions needed to sustain critical business
operations
– Computer setup (hardware) team: sets up
hardware in the alternate location
– Systems recovery (OS) team: installs operating
systems on hardware
Relocation to the Alternate Site
(continued)
• Advance party (continued):
– Network recovery team: establishes short- and long-term
networks, including hardware, wiring, and Internet and
intranet connectivity
– Applications recovery team: responsible for getting internal and
external services up and running
– Data management team: responsible for data restoration and
recovery
– Logistics team: provides any needed supplies, materials, food,
services, or facilities needed at the alternate site
Relocation to the Alternate Site
(continued)
• Service providers:
– May be notified by the BC service provider or by the BC team
– Include water, power, telephone, data services
• BC team leader must notify HR that the BC plan has been
activated
• Where possible, supplies and equipment should be
prepurchased and prepositioned at the alternate site
• If not possible, the requirements should be predetermined to
allow rapid ordering and procurement

Relocation to the Alternate Site
(continued)
• Staff relocation:
– Should be coordinated to occur at the earliest possible point
in time
– Provide logistics guidance to incoming employees
• Provide organized check-in procedures to help employees
quickly assimilate into the new environment

Returning to a Primary Site
• Tasks involved in returning to the primary site
include:
– Scheduling employee move
– Clearing the BC site
– Conducting the after-action review (AAR)
• Easiest scheduling for the move back is over a
weekend
• Data operations should make all normal backups
first before relocating
Returning to a Primary Site
(continued)
• Other activities include:
– Disconnecting temporary services
– Disassembling equipment
– Packaging recovered equipment and supplies
– Storage or transportation of recovered equipment
and supplies
– Clearing the assigned BC space
– Returning control to the BC space provider
• Expect a transition period for employees after
the return
Returning to a Primary Site
(continued)
• Employee issues may include:
– Dealing with personal issues caused by a widespread
disaster
– Need to resume all duties, instead of just the critical
functions performed at the BC site
– Readjusting to regular management hierarchies
– Possible changes in procedures and functions based
on lessons learned while at the BC site

BC After-Action Review
• After relocation back to the primary site, the BC team must
conduct the after-action review (AAR)
• Each team member should come prepared with notes and
suggestions
• Lessons learned should be incorporated into the BC plan

Continuous Improvement of the
BC Process
• Change is inevitable, in the marketplace and in
a business’s interactions with the marketplace
• Continuous monitoring and review of the BC
processes is required to ensure their
effectiveness when needed

Improving the BC Plan
• Ever-increasing reliance on information systems
and technological infrastructure in business
• Problem areas in the BC planning process
include:
– Over-reliance on a BC plan that has not been
updated frequently enough
– Scope of the BC plan is limited to systems recovery
– Faulty prioritization of critical business functions
– Lack of formal mechanisms for updating the plan
– Lack of executive ownership of the process
Improving the BC Plan (continued)
• Problem areas (continued):
– Overlooking or under-prioritizing key communications
issues
– Lack of security considerations for BC operations, leading to
greater risk exposure during recovery operations
– Failure to plan for public relations during disasters, leading
to failure to control public and investor perceptions
– Failure to manage the insurance claims process, resulting in
delayed or reduced settlements
– Failure to adequately evaluate service providers

Improving the BC Plan (continued)
• Important points to consider (from Katherine Lucey,
Fellow of the Business Continuity Institute):
– A BC plan is not a single unified plan; it is a set of specialized
plans
– Individual default response (IDR) should be coded into the
plan by name and on individual wallet cards
– Use an automated notification system because human
calling trees are not reliable
– Keep detailed reference information off-site and out of the
plan
– The best recovery is one that does not have to happen:
identify and eliminate as many risks as possible
Improving the BC Plan (continued)
• Important points to consider (continued):
– Start planning with the most likely types of
interruptions, and then work up to the worst case
scenario
– Hire a BC specialist to help develop your plan

Improving the BC Staff
• Provide training and encourage professionalism
in the BC team members
• Include both managerial and technical training,
as well as formal BCP training
• Training choices include:
– Continuing education classes
– Private professional training institutes
– National conferences

Improving the BC Staff (continued)
• Consider attaining BC professional certification
• Currently there are two dominant professional
institutions that certify business continuity
professionals:
– Business Continuity Institute (BCI)
– DRI International (DRII)

Maintaining the BC Plan
• BC plan requires a formal maintenance and update
strategy
• Formal review should occur at least annually
• If the organization is in a very dynamic environment, the
plan should be reviewed more frequently

The Periodic BC Review
• BC review serves the following purposes:
– A refresher on the contents of the plan
– An assessment of the suitability of the plan
– An opportunity to reconcile BC activities with other
regulatory activities
– An opportunity to make needed minor changes
that have been documented but not implemented
since the last formal review
• All suggestions for improvement should go
through a formal review before incorporation
into the plan
BC Plan Archivist
• One individual should be responsible for the
maintenance of the BC document, including:
– Incorporating approved revisions
– Redistribution of the revised plan
– Collection and secure destruction of previous
versions

Summary
• Implementation of the BC plan occurs when the organization
realizes it cannot resume essential operations at the primary
site
• Implementation includes preparations for BC actions,
relocating to the alternate site, establishing operations, and
returning to the primary site
• All employees should minimally receive generalized training
for BC activities
• Advance party should include a representative of each of the
major BC subteams

Summary (continued)
• Supplies and equipment must be procured for the alternate
site before relocating employees
• Final event at the alternate site is the relocation back to the
primary site
• After relocation back to primary site, the BC team should
conduct the after-action review (AAR)
• BC plan maintenance is an on-going process
• BC team members should receive BC training
• Certification of BC team members should be considered

Thank You
