2. About Action Point
Established 8 Years - 2005 to 2013
Average growth rate of 48% per Year
30 Employees
First Dell Certified Partner in Ireland
Overall Winner in Limerick County Enterprise Awards 2011
Winner Best SME Award Midwest 2011
Winner Best Technology Business Award Midwest 2012
6. Business Continuity Management
The Cost of Downtime
Speaker: Michael O’Regan
ABC Solutions
Michael O’Regan established Absolute Business Continuity
Solutions Ltd in 2005 and has over 10 years’ experience in
business continuity planning. ABC Solution’s primary function
is to aid small to medium enterprises in establishing business
continuity arrangements to enable them to weather any
incidents that may occur.
7. Business Continuity Management
Agenda:
Business Continuity Overview
Business Continuity Plans – Key Contents
Business Continuity Planning – IT Relationship
8. What is the Business requirement?
To provide the service, ideally 100% of the
time, in a timely manner, to an acceptable
level – may be defined in contract/SLA
Stated another way – to reduce the risk of
service interruption to an acceptable level
If an incident occurs to be able to recover as
quickly as possible with as little disruption to
the service as possible
9. What is Business Continuity Management (BCM)?
BCM is about ensuring that your Business
prepares a plan to handle a serious incident.
During this process you can identify ways to
reduce the risk of an incident happening and
minimise the impact if it does happen.
If an incident occurs key staff should be
trained to handle the situation through testing
and exercising which will enable your business
to continue to function to the agreed level
with the least disruption possible.
10. Drivers for Business Continuity Management
Key Stakeholders:
Customers/Clients
Regulator – Financial Regulator
Insurance Company
Staff
IT providers
11. Categories of Operational Risk
Environmental Disasters – Fire, Floods
Organized or Deliberate Disruptions – Labour dispute, Fraud
Loss of Utilities or Services – Power, water, waste, phones
Equipment or System Failure – Internal Power; Air Conditioning
Serious Information Security Incidents – Laptop stolen;
Disclosure of sensitive files; IT systems failure
Other Emergency Situations – Negative publicity;
Mergers & Acquisitions
17. June 2012 - Ulster Bank
payment problems to persist
until the end of the week
18.
19. Exercise/tests vital to success
Blue Light Services (Fire brigade, Gardai, Ambulance)
carry out regular training exercises – this is why they
are prepared for the real thing!
20. BCP Plan contents
List of critical activities
IT dependencies
Alternative work area requirements
Contact details – Staff, Clients etc.
Incident Management details
Testing/Exercising
BCP Policy
BCP Support infrastructure
21. BCM process overview
Backup &
Recovery Strategy
Recovery Activities
Incident
ID Recovery Teams
Emergency
Disaster Recovery
Business Recovery
Risk Analysis
Threat => Probability & Impact
ID Controls – in place; required
(Reduce risk to acceptable level)
22. Key output from BCM process
Identify Mission Critical Activities (MCA)
Identify key InputsOutputs,
Key Suppliers; Documents
Identify Maximum Tolerable Outage (MTO)
and Minimum Essential Service (MES)
Define the:
Recovery Point Objectives (RPO)
to what point in time you need to recover the MCA
Recovery Time Objectives (RTO)
how quickly you need to recover the MCA
23. Recovery Management Objectives
Define RTO and RPO
Backup to Disk
Replication
RPO RTO
Wks Days Mins SecsHrs WksDaysMinsSecs Hrs
Tape Backup
with Offsite Storage
Fail-Over/Replication
Backup to Disk
How much data loss can
your business endure?
Lost transactions = Lost business
How much downtime can
your business endure?
Time is money
Recovery from Tape
24. Testing/Exercises
Needs to consider different scenarios…
Fire/flood impacting data centre
Fire/flood impacting work area
Data corruption
Loss of broadband
Loss of phones
Supplier incidents
25. Critical Suppliers
ID critical suppliers
What would happen if they had an incident?
Do they have a proven BCP plan?
What alternatives exist?
26. Next Steps - Outline Process to put BC Plan in place
Review current state of risks – ID gaps
Prepare plan to eliminate gaps
Document the plan
Test/exercise the plan
Annual Review or after major change
28. Continuity & Technology
What are the top causes of downtime?
Natural Disasters?
Human Error?
Hardware Failure?
Software Failure?
29. Continuity & Technology
Top causes of downtime:
Natural Disasters 5%
Human Error 22%
Hardware Failure 55%
Software Failure 18%
Average Recovery Time – 30 Hours
Source: Quorum. Q1 2013
30. Continuity & Technology
73% of downtime relates to Information
Technology & Information Systems
5%
22%
55%
18%
Natural Disasters
Human Error
Hardware Failure
Software Failure
31. Continuity & Technology
How do you calculate the cost of this to your
business?
Add:
Employee Productivity
Cost of Restoration
Sales Lost
Reputational Cost
Online calculator available
32. Continuity & Technology
Prevention is better than cure!
Most downtime could be avoided
- Prevent – Apply Best Practice & Maintain
- Plan – Projects, Resources & Finances
33. Continuity & Technology
Action Point’s methodology
1. Identify the Risks
2. Address the Risks
3. Document
4. Test
34. 1. Identify the Risks
Technology Stack
Applications
Services
Data Backup
Operating Systems
DR & BC
Virtualisation
Server Hardware
Telephony
Active Network
Physical Network
External Network
Power
Environment
Physical Security Access Control System
Data Backup to Offsite Location
VMWare or HyperV
Dell PowerEdge Servers & EqualLogic Storage
Phone System, Handsets & Headsets
UPS, Generator
Air Conditioning / General Location
Business Applications, Databases, Services
Cabling & Patching
Dell PowerConnect Switches
Data Replication System (to Secondary Site)
Microsoft Windows Server
Microsft Exchange, Office Applications, SQL, File, Print Queues
Internet / WAN / Firewalls / Interbuilding Links
35. 1. Identify the Risks
Identify and catalogue the risks
Catalogue the application services
Are any pro-active maintenance routines needed?
Establish the RTO & RPO of each
This information dictates the minimum
requirements for protection:
Is Backup sufficient?
Is Continuity required?
36. 2. Address the Risks
Bring existing systems in line with Best Practice
Introduce Resilience where required
Install software systems and hardware systems
as needed
Update maintenance routines to ensure systems
are kept operational and that potential issues are
pre-empted.
Employ pro-active monitoring of key services.
37. 3. Document the Plan
Document:
Infrastructure
Maintenance routines
Procedures for Fail-over
Keep it updated
38. 4. Test, Test & Re-Test
Test!!!
Your plan is only as good as the last test
39. Client Case Study: VoxPro
Client since September 2010
Have grown from 100 to 400 staff
Core Systems based on Dell Infrastructure
Implementation Services from Action Point
40. Client Case Study: Chill Insurance
Client since October 2010
Have grown from 40 to 200+ staff
Core Systems based on Dell Infrastructure
Implementation Services from Action Point