SlideShare uma empresa Scribd logo

Apdip disaster mgmt

Transferir como PPTX, PDF
Mohammad Reza Eghtesadian
Mohammad Reza Eghtesadian
NegóciosTecnologia
1 de 37
Disaster Management (i.e. Business Continuity) Josef C. Mueller Associate Partner
Objective To discuss information systems disaster management and the formation of backup and disaster recovery plans
Agenda • Introduction • Disaster Recovery Approach • DR Team Organization • Case Study • Example Disaster Recovery Services • Open discussion
Introduction What is a Disaster? Any unplanned event that requires immediate redeployment of limited resources Sample Disasters Natural Forces Technical Failure Human Interference  Fire  Power Outage  Criminal Act  Environmental  Equipment Failure  Human Error Hazards  Network Failure  Loss of Users  Flood / Water  Software Failure  Explosions Damage  Extreme Weather
Introduction Some Examples of Disasters The Chicago Flood The underground flood of Chicago on Monday April 13, 1992 proved to be one of the worst business disasters ever. 230 buildings lost power because water threatened their underground power sources. The World Trade Center Explosion Businesses were forced to evacuate the World Trade Center in February 26, 1993. When a bomb exploded in the underground parking garage. Companies that were effected by the disruption were unable to remove critical equipment and documents. The San Francisco Earthquake The Oct 18, 1989 quake measured 7.0 on the Richter Scale. The Bay bridge had collapsed. The city had lost the main business section due to the collapse of buildings and electricity.
Introduction Some Examples of Disasters (Cont’d) Hurricane Andrew August 22, 1992, Hurricane Andrew hit the South Florida area. Many businesses suffered physical and financial losses from the hurricane, the valuation of destroyed property was the largest in US history. The Kobe Quake The devastation on January 17, 1995 was the worst in the port city of Kobe where the 7.2 magnitude quake toppled roadways, wrecked docks, severed communication lines and kept the city in flames into the next day. Oklahoma City Bombing On April 19, 1995, a terrorist bomb exploded in front of the nine-story Alfred P. Murrah Federal Building in downtown Oklahoma City. The blast destroyed one- third of the building from roof to ground, leaving a crater eight feet deep, and 30 feet wide.
Introduction What is a Disaster Recovery Plan? A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed upon incidents Other names commonly used:  Business Continuity Plan  Contingency Plans  Continuity Plans  Emergency Response Plans  Business Recovery Plans  Recovery Plans
Introduction When an incident occurs, the Disaster Recovery response activities are likely to be the following (at a high level). Incident Assess Confirm Transfer to Execute Damage Response Alternate Required Strategy Location Functions Prepare Transfer & New Site Execute at New Site Restore Transfer & Primary Execute at Site Primary Site Return to Normal Operations Generate Assess DRP Change Effectiveness Requests
Introduction What is the magnitude of an incident?  Regional Area  Local Area  Within Blocks  To The Building  Within Floors  On The Floor  Within The Room Depending upon the magnitude of an incident, possible alternative sites include:  Within The Room  Within the Building  Within the Region  Outside the Region
Introduction Types of Controls Integrity Controls Confidentiality Controls Availability Controls  Policy  Proprietary Information  Asset Identification  Methodology Policy  Interruption Analysis  Staffing  Ethics Statement  Controls Review  Education  “Need to Know”, “Need to  Impact Analysis  Division of Withhold”  Data Backup Responsibility  Classification Scheme  Off-site Storage  Audit  Records Management  Avoidance Strategies  Error and Change  Handling Procedures  Mitigation Strategies Control  Physical & Electronic  Early Detection &  Reporting and  Security Measures Notification Resolution  Recovery Strategies  Test  Alternate Locations  Quality Assurance  Plans and Procedures  Vendor Relationships  Training  Testing
Introduction Types of Strategies Avoidance Strategy Mitigation Strategy Recovery Strategy  Redundant  Early warning detection  High level recovery plan configuration to avoid  Contractual agreements  Off-site data storage incidents with vendors  Very responsive vendor  Site harden facilities to  Mirrored data and relationships resist incidents documents  Very knowledgeable  Redundant utilities  Detailed migration employees and hardware recovery plan  Automated operation recovery plan Types of Strategy Options  Hot site  Cold site  Self Backup  Service Bureau  Reciprocal Agreement
Introduction What is a Critical Business Function? A specific entity management has decided is so significant to the business mission, that without it, the organization cannot successfully operate after an identified time period. Types of Impact Financial Loss Extra Expense  Lost Revenue  Labor Cost  Lost Sales — Recreate Lost  Lost Market Share Business  Lost Opportunity — Recreate Lost Data — Use Manual Process Human Interference  Equipment Cost  Management Control — Hardware /  Employee Relations software  Stockholder Relations — Telephones  Public Image  Money Cost  Legal Exposure — Delayed Receivable  Contractual Liability — Delayed Orders  Competitive Advantage — New Interest — New Investments
Introduction Criteria for a Critical Business Function Timing Requirements Cost of Control vs. Impact  Minutes  Hours Cost of  Days Impact $  Weeks Cost of  Quarters Control $  Special Situations Impact Interdependencies  Inputs and Outputs Cost
Introduction Implementing Recovery Plans is not an easy task!  Recovery prevention techniques are inadequate  Increase the level of user security awareness and education  No recovery plan at all  Plan is stored on the “ultimate” computer (in IT directors’ head)  Establish short-term alternate processing procedures  Removal of systems running on obsolete machines  Recovery plans are too theoretical and not geared to the organization’s needs  Plans are unwieldy  Recovery plans are in a written format and/or are not updated  Backup not tested  Plans not tested  Plans are located in the computer room or the building  Plans are too grandiose (EXPENSIVE)  Plan does not address PCs / workstations  “People Factors” are not taken into account
Disaster Recovery Approach The following Life Cycle model is useful when thinking about Disaster Recovery. Planning Activities Normal Operations Changes Maintenance Activities Changes Up-to-Date from tests DRP Changes from Recovery Activities event
Disaster Recovery Approach Planning Implementation Scoping & Recovery Disaster Training Risk Strategy Recovery & Approval Assessment Development Plan Testing  Planning The primary objective for the Planning Phase is to gain management consensus on the focus areas and scope of a Disaster Recovery Plan that will address major business risks  Implementation The primary objective for the Implementation Phase is to develop, test, and rollout a Disaster Recovery plan. The implementation phase could be longer or shorter, depending upon scope, approach, and staffing defined during the Scoping and Risk Assessment phase
Disaster Recovery Approach Determine the focus areas and scope Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval for the Disaster Recovery Plan implementation phase Activities Key Deliverables • Management Briefing • Scoping and Risk Assessment • Questionnaires Report • Interviews • Requirements Summary • Focus Groups • Current Capability Summary • Workshop • Critical Business Functions Matrix • Critical Systems Matrix
Disaster Recovery Approach Develop strategies for each of the Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval most critical systems based upon the outcome of the Scoping and Risk Assessment phase Activities Key Deliverables • Develop Strategies • The Recovery Strategy Report • Select Spinoff Projects • Alternatives and recommendations
Disaster Recovery Approach Develop detailed plans for business Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval continuity based upon the specific strategy identified for each critical system Activities Key Deliverable • Develop Recovery Plan • Recovery plan includes • Assessment Plan & Procedures • Notification Procedure • Recovery center Procedure • Migration Plan (facilities, data, people) • Team Organization ( Roles & Responsibilities)
Disaster Recovery Approach Develop detailed plans for business Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval continuity based upon the specific strategy identified for each critical system (continue) Activities Key Deliverable • Develop Maintenance • Maintenance Procedures include Procedures • Responsibility matrix for maintenance • Testing strategy • How to update the Recovery Procedure • Ongoing Center recovery training schedule • Prepare facilities and • Recovery Center Location, facilities Infrastructure and required component
Disaster Recovery Approach Provide training to the recovery team Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval and conduct the testing based upon the testing approach documented in the Maintenance procedure Activities Key Deliverables • Prepare training materials • Training material • Conduct & Evaluate • Trained staff Training
Disaster Recovery Approach Get the Disaster Recovery Plan Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval approved and rollout to the organization Activities Key Deliverable • Revise plan (if necessary) • Management Sign-off • Approve the Disaster • Publication & Distribution of the Recovery Plan disaster recovery
DR Team Organization An Example of Disaster Recovery Team DRP Management Team Disaster Recovery Director Customer Production Disaster Administrative Application Recovery Site Restoration Support Liaison Support Coordinator System Software and Database Security Administration Computer Network Operation and Delivery Off-site Storage Application Services Support Delivery
DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities DR management Act as the steering committee • Provide overall management support to DR Team of the DR Team team • Responsible for strategic decision and key requirements or changes on DRP • Make key decisions according to DRP Disaster Recovery Act as an advisor to the • Oversee the activities of the DR team Director DR management team. • Budget for future DR requirements • Communicate with other management to deal with the business process and recovery procedures Administrative Provide administration • Provide the DR team with administrative Support support to the DR team resources and facilities • Co-ordinate with lawyers for court cases and handle legal documents • Responsible for accounting matters on DR’s expenses • Investigate the amount of damaged resources and insurance claims
DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Customer Liaison Coordinate and coordinate •Notify users and clients of the disaster with users and customers •Issue updates of recovery progress and on any recovery issue expected time of recovery •Help on data center migration issues and work re-allocation Disaster Recovery Centralized coordination •Declare a disaster for each critical system Coordinator for the entire DR team component or for an entire site •Inform the DR team of the decision •Execute DR procedures and recovery strategies •Ensure that the DRP is updated and test on a regular basis Site Restoration Co-ordinate the recovery •Organize security control for the disaster site operations should a site be and alternate processing site as required destroyed System Software Prepare recovery and •Responsible for the restoration of Hosts, and Database restoration of software Servers, DB, synchronize data, etc. Administration and databases
DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Computer Manage storage of the •Provide ready access to the required backups Operations and off backups •Ensure the backups are stored in a secure site storage environment Application Manage applications with •Manage application changes to ensure they Support regard to DRP are compliant with the DRP and vice versa Security Review and monitor DR •Ensure the DR procedures comply with the procedures firm security and audit policies Network Delivery Manage and monitor •Oversee the recovery of the communication voice and data network environment •Switch users to use the alternate network •Co-ordinate with the communication service providers for WAN service recovery
DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Service Delivery Manage IT service •Oversee the service management recovery delivery •Provide helpdesk and end-user support as in DRP •Work closely with Customer Liaison and Disaster Recovery Coordinator to ensure synchronization of communication channel to the users and the DR team activities.
Case Study The Chicago Flood : Impact • One of the worst business disasters • 230 buildings lost power for a couple of days • Valuable government records were in jeopardy • Extensive impact on electrical and computing systems • The greatest financial impact on the CBOT, losing 25 billion in trading of 36 products
Case Study The Chicago Flood : Disaster Recovery • Using Alternate Site Services approach • Providing the alternate site nearly identical to the customer’s damaged site • Implemented by Comdisco Continuity Service The Chicago Flood : Recovery Result • Helped 2 Chicago banks resume operation within hours of evacuation • 17 customers from the financial, brokerage, government and service/ distribution industries, were supported at their hot sites within half a day
Case Study The World Trade Center Explosion : Impact • Building-wide power outage • Structural damaged and employee trauma, Businesses were down • Water problem due to pipes were severed • Injured and Dead reports, the building was considered a crime scene The World Trade Center Explosion : Recovery • Fiduciary Trust, a banking and financial institute’s Recovery Plan • The data center switched automatically to their secondary power system • Moved the operation to their alternate site in NJ which equipped with a computer network nearly identical to that of the bank
Case Study The World Trade Center Explosion : Recovery Result • System was down for Friday afternoon and was up and running by Monday morning as if nothing had happened • Employees retained their usual telephone numbers • Transactions went through the same as always • Customers couldn’t even detect that the bank was no longer operating from the World Trade Center
Example Disaster Recovery Services Examples of Disaster Recovery Services Alternate Sites Provide alternate site nearly identical to the customer’s damaged site Business Impact Analysis Provide services such as defining disaster plans and addressing exposures to business and recovery administrators Certification Provide services such as certifying qualified individuals in the discipline and promoting the credibility and professionalism of certified individuals
Example Disaster Recovery Services Examples of Disaster Recovery Services Education Classes Creating a base of common knowledge for the business continuity/disaster recovery planning industry through education, assistance, and the promotion of international standards On-Site Recovery Facilities Manage the mobilization of an on-call response team, prepare pre- designated site, erect temporary pre-engineered structures, install mechanical and electrical systems and coordinate move-in activities Satellite Communication Provide satellite telecommunications products and services
Example Disaster Recovery Services Service Providers : Consulting Services Andersen Consulting www.ac.com Bell Atlantic Federal CommGuard www.commguard.com Comdisco www.comdisco.com Computer Security Consultants, Inc. www.crciweb.com GSA Disaster and Business Recovery www.gsa-gsa.com Intessera Technologies Group www. intessera.com
Example Disaster Recovery Services Service Providers : Alternate Site Services ARC Disaster Recovery Services www.arcdrs.com Comdisco www.comdisco.com HP Business Recovery Services www.hp.com IBM Business Recovery Services www.brs.ibm.com SunGard Recovery Services, Inc. recovery.sungard.com
Example Disaster Recovery Services Providers : Computer Quick-ship , Hardware Replacement El Camino www.elcamino.com
Disaster Management (i.e., Business Continuity) Open discussion Q&A

Recomendados

12.08.09 Event Mike Perdue Presentation
12.08.09 Event Mike Perdue Presentation12.08.09 Event Mike Perdue Presentation
12.08.09 Event Mike Perdue Presentation
mcini
 
David wilkie task 1 gbs7502
David wilkie task 1 gbs7502David wilkie task 1 gbs7502
David wilkie task 1 gbs7502
dawilkie
 
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
4Good.org
 
Hurricane Preparedness and Disaster Recovery
Hurricane Preparedness and Disaster RecoveryHurricane Preparedness and Disaster Recovery
Hurricane Preparedness and Disaster Recovery
_michellgrp10
 
New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)
IBM Danmark
 
More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...
InSync Conference
 
Stream 2 - Don't Risk IT
Stream 2 - Don't Risk ITStream 2 - Don't Risk IT
Stream 2 - Don't Risk IT
IBM Business Insight
 
Due Diligence - Real-estate solution
Due Diligence - Real-estate solutionDue Diligence - Real-estate solution
Due Diligence - Real-estate solution
CONact GmbH
 

Recomendados

12.08.09 Event Mike Perdue Presentation
12.08.09 Event Mike Perdue Presentation12.08.09 Event Mike Perdue Presentation
12.08.09 Event Mike Perdue Presentation
mcini
 
David wilkie task 1 gbs7502
David wilkie task 1 gbs7502David wilkie task 1 gbs7502
David wilkie task 1 gbs7502
dawilkie
 
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
A Game Plan for Making Decisions Before, During, and After a Crisis Hits Your...
4Good.org
 
Hurricane Preparedness and Disaster Recovery
Hurricane Preparedness and Disaster RecoveryHurricane Preparedness and Disaster Recovery
Hurricane Preparedness and Disaster Recovery
_michellgrp10
 
New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)New information strategy, Advanced Case Management (IBM Information Management)
New information strategy, Advanced Case Management (IBM Information Management)
IBM Danmark
 
More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...
InSync Conference
 
Stream 2 - Don't Risk IT
Stream 2 - Don't Risk ITStream 2 - Don't Risk IT
Stream 2 - Don't Risk IT
IBM Business Insight
 
Due Diligence - Real-estate solution
Due Diligence - Real-estate solutionDue Diligence - Real-estate solution
Due Diligence - Real-estate solution
CONact GmbH
 
Turner.john
Turner.johnTurner.john
Turner.john
NASAPMC
 
The Knowledge Management Role In Mitigating Operational Risk
The Knowledge Management Role In Mitigating Operational RiskThe Knowledge Management Role In Mitigating Operational Risk
The Knowledge Management Role In Mitigating Operational Risk
Eduardo Longo
 
Fms India 2011 Bcm
Fms India 2011 BcmFms India 2011 Bcm
Fms India 2011 Bcm
Sumeet Sharma
 
Rem NetApp Champion Case Study
Rem NetApp Champion Case StudyRem NetApp Champion Case Study
Rem NetApp Champion Case Study
Michael Hudak
 
Tpcs risk table.xls
Tpcs risk table.xlsTpcs risk table.xls
Tpcs risk table.xls
eriko51
 
Teambuilding Exercises
Teambuilding ExercisesTeambuilding Exercises
Teambuilding Exercises
Gregory P. Smith
 
Cyber Security C2
Cyber Security C2Cyber Security C2
Cyber Security C2
lamcindoe
 
Let technology lead the way.
Let technology lead the way.Let technology lead the way.
Let technology lead the way.
LSG
 
Service Support Quick Reference
Service Support Quick ReferenceService Support Quick Reference
Service Support Quick Reference
guest5f36a4
 
3 Steps for Reducing Complexity
3 Steps for Reducing Complexity3 Steps for Reducing Complexity
3 Steps for Reducing Complexity
sixsigmaintegration23
 
Is0 749 sample business plan of nesans
Is0 749 sample business plan of nesansIs0 749 sample business plan of nesans
Is0 749 sample business plan of nesans
Balan Jeevana
 
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder ConcernsWhose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
sferoz
 
Debs 2012 basic proactive
Debs 2012 basic proactiveDebs 2012 basic proactive
Debs 2012 basic proactive
Opher Etzion
 
Customer connect general session - day2_part2
Customer connect general session - day2_part2Customer connect general session - day2_part2
Customer connect general session - day2_part2
kofaxconnect
 
When crisis hits! the importance of being prepared
When crisis hits! the importance of being preparedWhen crisis hits! the importance of being prepared
When crisis hits! the importance of being prepared
Text100
 
Critical thinking
Critical thinkingCritical thinking
Critical thinking
Bajaj Sundar
 
Impact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureImpact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical Infrastructure
IPPAI
 
solving problems
solving problemssolving problems
solving problems
nhok maruko
 
Access to Opportunities Event Presentation
Access to Opportunities Event PresentationAccess to Opportunities Event Presentation
Access to Opportunities Event Presentation
Joanne Cooper
 
Shweta(newton)
Shweta(newton)Shweta(newton)
Shweta(newton)
Atishay Jain
 
Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.
deniskazakov3979
 
Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)
yj3500
 

Mais conteúdo relacionado

Mais procurados

Turner.john
Turner.johnTurner.john
Turner.john
NASAPMC
 
Tpcs risk table.xls
Tpcs risk table.xlsTpcs risk table.xls
Tpcs risk table.xls
eriko51
 
Service Support Quick Reference
Service Support Quick ReferenceService Support Quick Reference
Service Support Quick Reference
guest5f36a4
 
Is0 749 sample business plan of nesans
Is0 749 sample business plan of nesansIs0 749 sample business plan of nesans
Is0 749 sample business plan of nesans
Balan Jeevana
 
Customer connect general session - day2_part2
Customer connect general session - day2_part2Customer connect general session - day2_part2
Customer connect general session - day2_part2
kofaxconnect
 
solving problems
solving problemssolving problems
solving problems
nhok maruko
 

Mais procurados (18)

Turner.john
Turner.johnTurner.john
Turner.john
 
The Knowledge Management Role In Mitigating Operational Risk
The Knowledge Management Role In Mitigating Operational RiskThe Knowledge Management Role In Mitigating Operational Risk
The Knowledge Management Role In Mitigating Operational Risk
 
Fms India 2011 Bcm
Fms India 2011 BcmFms India 2011 Bcm
Fms India 2011 Bcm
 
Rem NetApp Champion Case Study
Rem NetApp Champion Case StudyRem NetApp Champion Case Study
Rem NetApp Champion Case Study
 
Tpcs risk table.xls
Tpcs risk table.xlsTpcs risk table.xls
Tpcs risk table.xls
 
Teambuilding Exercises
Teambuilding ExercisesTeambuilding Exercises
Teambuilding Exercises
 
Cyber Security C2
Cyber Security C2Cyber Security C2
Cyber Security C2
 
Let technology lead the way.
Let technology lead the way.Let technology lead the way.
Let technology lead the way.
 
Service Support Quick Reference
Service Support Quick ReferenceService Support Quick Reference
Service Support Quick Reference
 
3 Steps for Reducing Complexity
3 Steps for Reducing Complexity3 Steps for Reducing Complexity
3 Steps for Reducing Complexity
 
Is0 749 sample business plan of nesans
Is0 749 sample business plan of nesansIs0 749 sample business plan of nesans
Is0 749 sample business plan of nesans
 
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder ConcernsWhose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
 
Debs 2012 basic proactive
Debs 2012 basic proactiveDebs 2012 basic proactive
Debs 2012 basic proactive
 
Customer connect general session - day2_part2
Customer connect general session - day2_part2Customer connect general session - day2_part2
Customer connect general session - day2_part2
 
When crisis hits! the importance of being prepared
When crisis hits! the importance of being preparedWhen crisis hits! the importance of being prepared
When crisis hits! the importance of being prepared
 
Critical thinking
Critical thinkingCritical thinking
Critical thinking
 
Impact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureImpact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical Infrastructure
 
solving problems
solving problemssolving problems
solving problems
 

Destaque

Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.
deniskazakov3979
 
Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)
yj3500
 
Origem do termo Guiné
Origem do termo GuinéOrigem do termo Guiné
Origem do termo Guiné
SinchaSutu
 
Easitech presentation
Easitech presentationEasitech presentation
Easitech presentation
james_cox1
 
I os device deployment example english
I os device deployment example englishI os device deployment example english
I os device deployment example english
ptstockley
 

Destaque (14)

Access to Opportunities Event Presentation
Access to Opportunities Event PresentationAccess to Opportunities Event Presentation
Access to Opportunities Event Presentation
 
Shweta(newton)
Shweta(newton)Shweta(newton)
Shweta(newton)
 
Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.Соединительное и крепежное оборудование Doughty. Каталог.
Соединительное и крепежное оборудование Doughty. Каталог.
 
Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)Marketing high tech_3e_ch06(국문)
Marketing high tech_3e_ch06(국문)
 
Origem do termo Guiné
Origem do termo GuinéOrigem do termo Guiné
Origem do termo Guiné
 
Easitech presentation
Easitech presentationEasitech presentation
Easitech presentation
 
Implementing mobile learning - technical process
Implementing mobile learning - technical processImplementing mobile learning - technical process
Implementing mobile learning - technical process
 
I os device deployment example english
I os device deployment example englishI os device deployment example english
I os device deployment example english
 
Easitech Dinerware Overview
Easitech Dinerware OverviewEasitech Dinerware Overview
Easitech Dinerware Overview
 
The Spontaneous City presentation for Bishkek
The Spontaneous City presentation for Bishkek The Spontaneous City presentation for Bishkek
The Spontaneous City presentation for Bishkek
 
rajasthan
rajasthanrajasthan
rajasthan
 
Fusion in Multimodal Interactive Systems: An HMM-Based Algorithm for User-Ind...
Fusion in Multimodal Interactive Systems: An HMM-Based Algorithm for User-Ind...Fusion in Multimodal Interactive Systems: An HMM-Based Algorithm for User-Ind...
Fusion in Multimodal Interactive Systems: An HMM-Based Algorithm for User-Ind...
 
Réseaux Sociaux : Quand le marketing et la DSI partagent leurs expériences.
Réseaux Sociaux : Quand le marketing et la DSI partagent leurs expériences. Réseaux Sociaux : Quand le marketing et la DSI partagent leurs expériences.
Réseaux Sociaux : Quand le marketing et la DSI partagent leurs expériences.
 
Panel Design Thinking, EFG Łódzkie 2015
Panel Design Thinking, EFG Łódzkie 2015 Panel Design Thinking, EFG Łódzkie 2015
Panel Design Thinking, EFG Łódzkie 2015
 

Semelhante a Apdip disaster mgmt

Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Warranty Outsourcing For Strategic Gains
Warranty Outsourcing For Strategic GainsWarranty Outsourcing For Strategic Gains
Warranty Outsourcing For Strategic Gains
ImranMasood
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed Services
Jorge Sebastiao
 
2012 Breach Lessons Learned - 2013 Do Differents
2012 Breach Lessons Learned - 2013 Do Differents2012 Breach Lessons Learned - 2013 Do Differents
2012 Breach Lessons Learned - 2013 Do Differents
Resilient Systems
 
Business Process Re-Engineering
Business Process Re-Engineering Business Process Re-Engineering
Business Process Re-Engineering
Building Engines
 
Florida Association of Community Colleges, Council of Student Affairs Present...
Florida Association of Community Colleges, Council of Student Affairs Present...Florida Association of Community Colleges, Council of Student Affairs Present...
Florida Association of Community Colleges, Council of Student Affairs Present...
Margolis Healy
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational risk
Diane Christina
 

Semelhante a Apdip disaster mgmt (20)

Apdip disaster mgmt
Apdip disaster mgmtApdip disaster mgmt
Apdip disaster mgmt
 
Considering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme FileConsidering The Cloud? Thinking Beyond The Readme File
Considering The Cloud? Thinking Beyond The Readme File
 
Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster Recovery Journey Through the AWS Cloud; Disaster Recovery
Journey Through the AWS Cloud; Disaster Recovery
 
Disaster Recovery - Business & Technology
Disaster Recovery - Business & Technology Disaster Recovery - Business & Technology
Disaster Recovery - Business & Technology
 
P&C Claims Automation Solution - A Competitive Advantage
P&C Claims Automation Solution - A Competitive AdvantageP&C Claims Automation Solution - A Competitive Advantage
P&C Claims Automation Solution - A Competitive Advantage
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
AITP July 2012 Presentation - Disaster Recovery - Business + Technology
AITP July 2012 Presentation - Disaster Recovery - Business + TechnologyAITP July 2012 Presentation - Disaster Recovery - Business + Technology
AITP July 2012 Presentation - Disaster Recovery - Business + Technology
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011
 
Warranty Outsourcing For Strategic Gains
Warranty Outsourcing For Strategic GainsWarranty Outsourcing For Strategic Gains
Warranty Outsourcing For Strategic Gains
 
The Surprising Truth About Your Disaster Recovery Maturity Level
The Surprising Truth About Your Disaster Recovery Maturity LevelThe Surprising Truth About Your Disaster Recovery Maturity Level
The Surprising Truth About Your Disaster Recovery Maturity Level
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed Services
 
2012 Breach Lessons Learned - 2013 Do Differents
2012 Breach Lessons Learned - 2013 Do Differents2012 Breach Lessons Learned - 2013 Do Differents
2012 Breach Lessons Learned - 2013 Do Differents
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity Capability
 
Higher education IAM-seminar Turku 10.12.2009
Higher education IAM-seminar Turku 10.12.2009Higher education IAM-seminar Turku 10.12.2009
Higher education IAM-seminar Turku 10.12.2009
 
Business Process Re-Engineering
Business Process Re-Engineering Business Process Re-Engineering
Business Process Re-Engineering
 
The Cloud, The Enterprise Architect and the CIO
The Cloud, The Enterprise Architect and the CIOThe Cloud, The Enterprise Architect and the CIO
The Cloud, The Enterprise Architect and the CIO
 
Fns Incident Management Powered By En Case
Fns Incident Management Powered By En CaseFns Incident Management Powered By En Case
Fns Incident Management Powered By En Case
 
LKNOG - BCMS
LKNOG - BCMSLKNOG - BCMS
LKNOG - BCMS
 
Florida Association of Community Colleges, Council of Student Affairs Present...
Florida Association of Community Colleges, Council of Student Affairs Present...Florida Association of Community Colleges, Council of Student Affairs Present...
Florida Association of Community Colleges, Council of Student Affairs Present...
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational risk
 

Último

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
pr788182
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
laloo_007
 
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
DUBAI (+971)581248768 BUY ABORTION PILLS IN ABU dhabi...Qatar
 

Último (20)

Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Power point presentation on enterprise performance management
Power point presentation on enterprise performance managementPower point presentation on enterprise performance management
Power point presentation on enterprise performance management
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From Seosmmearth
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
 

Apdip disaster mgmt

  • 1. Disaster Management (i.e. Business Continuity) Josef C. Mueller Associate Partner
  • 2. Objective To discuss information systems disaster management and the formation of backup and disaster recovery plans
  • 3. Agenda • Introduction • Disaster Recovery Approach • DR Team Organization • Case Study • Example Disaster Recovery Services • Open discussion
  • 4. Introduction What is a Disaster? Any unplanned event that requires immediate redeployment of limited resources Sample Disasters Natural Forces Technical Failure Human Interference  Fire  Power Outage  Criminal Act  Environmental  Equipment Failure  Human Error Hazards  Network Failure  Loss of Users  Flood / Water  Software Failure  Explosions Damage  Extreme Weather
  • 5. Introduction Some Examples of Disasters The Chicago Flood The underground flood of Chicago on Monday April 13, 1992 proved to be one of the worst business disasters ever. 230 buildings lost power because water threatened their underground power sources. The World Trade Center Explosion Businesses were forced to evacuate the World Trade Center in February 26, 1993. When a bomb exploded in the underground parking garage. Companies that were effected by the disruption were unable to remove critical equipment and documents. The San Francisco Earthquake The Oct 18, 1989 quake measured 7.0 on the Richter Scale. The Bay bridge had collapsed. The city had lost the main business section due to the collapse of buildings and electricity.
  • 6. Introduction Some Examples of Disasters (Cont’d) Hurricane Andrew August 22, 1992, Hurricane Andrew hit the South Florida area. Many businesses suffered physical and financial losses from the hurricane, the valuation of destroyed property was the largest in US history. The Kobe Quake The devastation on January 17, 1995 was the worst in the port city of Kobe where the 7.2 magnitude quake toppled roadways, wrecked docks, severed communication lines and kept the city in flames into the next day. Oklahoma City Bombing On April 19, 1995, a terrorist bomb exploded in front of the nine-story Alfred P. Murrah Federal Building in downtown Oklahoma City. The blast destroyed one- third of the building from roof to ground, leaving a crater eight feet deep, and 30 feet wide.
  • 7. Introduction What is a Disaster Recovery Plan? A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed upon incidents Other names commonly used:  Business Continuity Plan  Contingency Plans  Continuity Plans  Emergency Response Plans  Business Recovery Plans  Recovery Plans
  • 8. Introduction When an incident occurs, the Disaster Recovery response activities are likely to be the following (at a high level). Incident Assess Confirm Transfer to Execute Damage Response Alternate Required Strategy Location Functions Prepare Transfer & New Site Execute at New Site Restore Transfer & Primary Execute at Site Primary Site Return to Normal Operations Generate Assess DRP Change Effectiveness Requests
  • 9. Introduction What is the magnitude of an incident?  Regional Area  Local Area  Within Blocks  To The Building  Within Floors  On The Floor  Within The Room Depending upon the magnitude of an incident, possible alternative sites include:  Within The Room  Within the Building  Within the Region  Outside the Region
  • 10. Introduction Types of Controls Integrity Controls Confidentiality Controls Availability Controls  Policy  Proprietary Information  Asset Identification  Methodology Policy  Interruption Analysis  Staffing  Ethics Statement  Controls Review  Education  “Need to Know”, “Need to  Impact Analysis  Division of Withhold”  Data Backup Responsibility  Classification Scheme  Off-site Storage  Audit  Records Management  Avoidance Strategies  Error and Change  Handling Procedures  Mitigation Strategies Control  Physical & Electronic  Early Detection &  Reporting and  Security Measures Notification Resolution  Recovery Strategies  Test  Alternate Locations  Quality Assurance  Plans and Procedures  Vendor Relationships  Training  Testing
  • 11. Introduction Types of Strategies Avoidance Strategy Mitigation Strategy Recovery Strategy  Redundant  Early warning detection  High level recovery plan configuration to avoid  Contractual agreements  Off-site data storage incidents with vendors  Very responsive vendor  Site harden facilities to  Mirrored data and relationships resist incidents documents  Very knowledgeable  Redundant utilities  Detailed migration employees and hardware recovery plan  Automated operation recovery plan Types of Strategy Options  Hot site  Cold site  Self Backup  Service Bureau  Reciprocal Agreement
  • 12. Introduction What is a Critical Business Function? A specific entity management has decided is so significant to the business mission, that without it, the organization cannot successfully operate after an identified time period. Types of Impact Financial Loss Extra Expense  Lost Revenue  Labor Cost  Lost Sales — Recreate Lost  Lost Market Share Business  Lost Opportunity — Recreate Lost Data — Use Manual Process Human Interference  Equipment Cost  Management Control — Hardware /  Employee Relations software  Stockholder Relations — Telephones  Public Image  Money Cost  Legal Exposure — Delayed Receivable  Contractual Liability — Delayed Orders  Competitive Advantage — New Interest — New Investments
  • 13. Introduction Criteria for a Critical Business Function Timing Requirements Cost of Control vs. Impact  Minutes  Hours Cost of  Days Impact $  Weeks Cost of  Quarters Control $  Special Situations Impact Interdependencies  Inputs and Outputs Cost
  • 14. Introduction Implementing Recovery Plans is not an easy task!  Recovery prevention techniques are inadequate  Increase the level of user security awareness and education  No recovery plan at all  Plan is stored on the “ultimate” computer (in IT directors’ head)  Establish short-term alternate processing procedures  Removal of systems running on obsolete machines  Recovery plans are too theoretical and not geared to the organization’s needs  Plans are unwieldy  Recovery plans are in a written format and/or are not updated  Backup not tested  Plans not tested  Plans are located in the computer room or the building  Plans are too grandiose (EXPENSIVE)  Plan does not address PCs / workstations  “People Factors” are not taken into account
  • 15. Disaster Recovery Approach The following Life Cycle model is useful when thinking about Disaster Recovery. Planning Activities Normal Operations Changes Maintenance Activities Changes Up-to-Date from tests DRP Changes from Recovery Activities event
  • 16. Disaster Recovery Approach Planning Implementation Scoping & Recovery Disaster Training Risk Strategy Recovery & Approval Assessment Development Plan Testing  Planning The primary objective for the Planning Phase is to gain management consensus on the focus areas and scope of a Disaster Recovery Plan that will address major business risks  Implementation The primary objective for the Implementation Phase is to develop, test, and rollout a Disaster Recovery plan. The implementation phase could be longer or shorter, depending upon scope, approach, and staffing defined during the Scoping and Risk Assessment phase
  • 17. Disaster Recovery Approach Determine the focus areas and scope Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval for the Disaster Recovery Plan implementation phase Activities Key Deliverables • Management Briefing • Scoping and Risk Assessment • Questionnaires Report • Interviews • Requirements Summary • Focus Groups • Current Capability Summary • Workshop • Critical Business Functions Matrix • Critical Systems Matrix
  • 18. Disaster Recovery Approach Develop strategies for each of the Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval most critical systems based upon the outcome of the Scoping and Risk Assessment phase Activities Key Deliverables • Develop Strategies • The Recovery Strategy Report • Select Spinoff Projects • Alternatives and recommendations
  • 19. Disaster Recovery Approach Develop detailed plans for business Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval continuity based upon the specific strategy identified for each critical system Activities Key Deliverable • Develop Recovery Plan • Recovery plan includes • Assessment Plan & Procedures • Notification Procedure • Recovery center Procedure • Migration Plan (facilities, data, people) • Team Organization ( Roles & Responsibilities)
  • 20. Disaster Recovery Approach Develop detailed plans for business Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval continuity based upon the specific strategy identified for each critical system (continue) Activities Key Deliverable • Develop Maintenance • Maintenance Procedures include Procedures • Responsibility matrix for maintenance • Testing strategy • How to update the Recovery Procedure • Ongoing Center recovery training schedule • Prepare facilities and • Recovery Center Location, facilities Infrastructure and required component
  • 21. Disaster Recovery Approach Provide training to the recovery team Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval and conduct the testing based upon the testing approach documented in the Maintenance procedure Activities Key Deliverables • Prepare training materials • Training material • Conduct & Evaluate • Trained staff Training
  • 22. Disaster Recovery Approach Get the Disaster Recovery Plan Scoping & Risk Assessment Recovery Strategy Disaster Recovery Development Plan Training & Testing Approval approved and rollout to the organization Activities Key Deliverable • Revise plan (if necessary) • Management Sign-off • Approve the Disaster • Publication & Distribution of the Recovery Plan disaster recovery
  • 23. DR Team Organization An Example of Disaster Recovery Team DRP Management Team Disaster Recovery Director Customer Production Disaster Administrative Application Recovery Site Restoration Support Liaison Support Coordinator System Software and Database Security Administration Computer Network Operation and Delivery Off-site Storage Application Services Support Delivery
  • 24. DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities DR management Act as the steering committee • Provide overall management support to DR Team of the DR Team team • Responsible for strategic decision and key requirements or changes on DRP • Make key decisions according to DRP Disaster Recovery Act as an advisor to the • Oversee the activities of the DR team Director DR management team. • Budget for future DR requirements • Communicate with other management to deal with the business process and recovery procedures Administrative Provide administration • Provide the DR team with administrative Support support to the DR team resources and facilities • Co-ordinate with lawyers for court cases and handle legal documents • Responsible for accounting matters on DR’s expenses • Investigate the amount of damaged resources and insurance claims
  • 25. DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Customer Liaison Coordinate and coordinate •Notify users and clients of the disaster with users and customers •Issue updates of recovery progress and on any recovery issue expected time of recovery •Help on data center migration issues and work re-allocation Disaster Recovery Centralized coordination •Declare a disaster for each critical system Coordinator for the entire DR team component or for an entire site •Inform the DR team of the decision •Execute DR procedures and recovery strategies •Ensure that the DRP is updated and test on a regular basis Site Restoration Co-ordinate the recovery •Organize security control for the disaster site operations should a site be and alternate processing site as required destroyed System Software Prepare recovery and •Responsible for the restoration of Hosts, and Database restoration of software Servers, DB, synchronize data, etc. Administration and databases
  • 26. DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Computer Manage storage of the •Provide ready access to the required backups Operations and off backups •Ensure the backups are stored in a secure site storage environment Application Manage applications with •Manage application changes to ensure they Support regard to DRP are compliant with the DRP and vice versa Security Review and monitor DR •Ensure the DR procedures comply with the procedures firm security and audit policies Network Delivery Manage and monitor •Oversee the recovery of the communication voice and data network environment •Switch users to use the alternate network •Co-ordinate with the communication service providers for WAN service recovery
  • 27. DR Team Organization Examples of Data Center Roles & Responsibilities Title Roles Responsibilities Service Delivery Manage IT service •Oversee the service management recovery delivery •Provide helpdesk and end-user support as in DRP •Work closely with Customer Liaison and Disaster Recovery Coordinator to ensure synchronization of communication channel to the users and the DR team activities.
  • 28. Case Study The Chicago Flood : Impact • One of the worst business disasters • 230 buildings lost power for a couple of days • Valuable government records were in jeopardy • Extensive impact on electrical and computing systems • The greatest financial impact on the CBOT, losing 25 billion in trading of 36 products
  • 29. Case Study The Chicago Flood : Disaster Recovery • Using Alternate Site Services approach • Providing the alternate site nearly identical to the customer’s damaged site • Implemented by Comdisco Continuity Service The Chicago Flood : Recovery Result • Helped 2 Chicago banks resume operation within hours of evacuation • 17 customers from the financial, brokerage, government and service/ distribution industries, were supported at their hot sites within half a day
  • 30. Case Study The World Trade Center Explosion : Impact • Building-wide power outage • Structural damaged and employee trauma, Businesses were down • Water problem due to pipes were severed • Injured and Dead reports, the building was considered a crime scene The World Trade Center Explosion : Recovery • Fiduciary Trust, a banking and financial institute’s Recovery Plan • The data center switched automatically to their secondary power system • Moved the operation to their alternate site in NJ which equipped with a computer network nearly identical to that of the bank
  • 31. Case Study The World Trade Center Explosion : Recovery Result • System was down for Friday afternoon and was up and running by Monday morning as if nothing had happened • Employees retained their usual telephone numbers • Transactions went through the same as always • Customers couldn’t even detect that the bank was no longer operating from the World Trade Center
  • 32. Example Disaster Recovery Services Examples of Disaster Recovery Services Alternate Sites Provide alternate site nearly identical to the customer’s damaged site Business Impact Analysis Provide services such as defining disaster plans and addressing exposures to business and recovery administrators Certification Provide services such as certifying qualified individuals in the discipline and promoting the credibility and professionalism of certified individuals
  • 33. Example Disaster Recovery Services Examples of Disaster Recovery Services Education Classes Creating a base of common knowledge for the business continuity/disaster recovery planning industry through education, assistance, and the promotion of international standards On-Site Recovery Facilities Manage the mobilization of an on-call response team, prepare pre- designated site, erect temporary pre-engineered structures, install mechanical and electrical systems and coordinate move-in activities Satellite Communication Provide satellite telecommunications products and services
  • 34. Example Disaster Recovery Services Service Providers : Consulting Services Andersen Consulting www.ac.com Bell Atlantic Federal CommGuard www.commguard.com Comdisco www.comdisco.com Computer Security Consultants, Inc. www.crciweb.com GSA Disaster and Business Recovery www.gsa-gsa.com Intessera Technologies Group www. intessera.com
  • 35. Example Disaster Recovery Services Service Providers : Alternate Site Services ARC Disaster Recovery Services www.arcdrs.com Comdisco www.comdisco.com HP Business Recovery Services www.hp.com IBM Business Recovery Services www.brs.ibm.com SunGard Recovery Services, Inc. recovery.sungard.com
  • 36. Example Disaster Recovery Services Providers : Computer Quick-ship , Hardware Replacement El Camino www.elcamino.com
  • 37. Disaster Management (i.e., Business Continuity) Open discussion Q&A