Date post: | 30-Jan-2015 |
Category: |
Software |
Upload: | compassites-navigator |
View: | 138 times |
Download: | 6 times |
Copyright © 2012
Welcome to Compassites!
www.compassitesinc.comCopyright © 2005 - 2013 Compassites
Copyright © 2012
Pecha Kucha Session
OnBCP and DRP
www.compassitesinc.comCopyright © 2005 - 2013 Compassites
01
I n t r o d u c ti o n t o B C P & D R P
b y B a l a s u b r a m a n i a n . P
02
Outline
1. Why discuss this topic now?2. What BCP & DR addresses?3. Broad BCP objectives4. Availability & Downtime chart5. Phases of Continuity Planning6. Need for BCP “Governance”
03
BCP addresses
Defines a process to preserve critical business functions in the face of a disaster
Continuation of critical business processes when a disaster destroys data processing capabilities
Preparation, testing and maintenance of specific actions to recover normal processing (the BCP)
03
DRP addresses
Disasters are defined in terms of…
If it harms critical business processes, it may be a disaster
how long can the business stand the pain?
Probability of occurrence
03
Disasters Classifications
Disasters – natural, man-made Natural: Fire, flood, hurricane,
tornado, earthquake, volcanoes
Man-made: Plane crashes, vandalism, terrorism, riots, sabotage, loss of personnel,etc.
Anything that diminishes or destroys normal data processing capabilities
04
03
High Level BCP objectives High Avai labi l i ty Confi denti al ity Integrity
03
Low Level BCP objectives Create, document, test, and update a plan
that will address:• Timely recovery• Minimize loss• Meet legal and
regulatory requirements
03
High Availability & Downtime chart
Availability % Downtime per year Downtime per month* Downtime per week
90% ("one nine") 36.5 days 72 hours 16.8 hours
95% 18.25 days 36 hours 8.4 hours
97% 10.96 days 21.6 hours 5.04 hours
98% 7.30 days 14.4 hours 3.36 hours
99% ("two nines") 3.65 days 7.20 hours 1.68 hours
99.5% 1.83 days 3.60 hours 50.4 minutes
99.8% 17.52 hours 86.23 minutes 20.16 minutes
99.9% ("three nines") 8.76 hours 43.8 minutes 10.1 minutes
99.95% 4.38 hours 21.56 minutes 5.04 minutes
99.99% ("four nines") 52.56 minutes 4.32 minutes 1.01 minutes
99.995% 26.28 minutes 2.16 minutes 30.24 seconds
99.999% ("five nines") 5.26 minutes 25.9 seconds 6.05 seconds
99.9999% ("six nines") 31.5 seconds 2.59 seconds 0.605 seconds
99.99999% ("seven nines") 3.15 seconds 0.259 seconds 0.0605 seconds
03
Phases of Continuity Planning
03
Phase I - Project management & initiation
Establish need (risk analysis) Get management support Establish team (functional,
technical, BCC – Business Continuity Coordinator)
Create work plan (scope, goals, methods, timeline)
Initial report to management Obtain management approval
to proceed
03
Phase 2 - Business Impact Analysis (BIA)
Obtaining formal agreement with senior management on the MTD (Maximum Tolerable Downtime) for each time-critical business resource
Analyze information Identify time-critical business functions Assign MTDs Rank critical business functions by MTDs Report recovery options (effort & price) Obtain management approval
03
Phase 3 - Recovery strategiesRecovery strategies are based on MTDs, Predefined and Management-approved
Technical recovery strategies based on subscription service sites• Hot – fully equipped• Warm – missing key components• Cold – empty data center• Mirror – full redundancy• Mobile – trailer full of computers
Technical recovery strategies based on Data • Backups of data and applications• Off-site vs. on-site storage of media• How fast can data be recovered?• How much data can you lose?• Security of off-site backup media• Types of backups (full, incremental, differential, etc.)
03
Phase 4 - BCP development / implementation
Sample plan phases• Initial disaster response• Resume critical business ops• Resume non-critical business ops• Restoration (return to primary site)• Interacting with external groups (customers,
media, emergency responders)
03
Phase 5 - BCP final phase
Testing Maintenance Awareness Training
03
Phase 5 - BCP final phase - Testing
Until it’s tested, you don’t have a plan
Kinds of testing• Structured walk-through• Checklist• Simulation• Parallel • Full interruption
03
Phase 5 - BCP final phase - Maintenance
Fix problems found in testing Implement change management Audit and address audit findings Annual review of plan Build plan into organization
03
Phase 5 - BCP final phase - Training
BCP team is probably the DR team BCP training must be on-going BCP training needs to be part of
the standard on-boarding and part of the corporate culture
03
To RECAP why BCP “Governance”?
Establishing policy by determining how the institution will manage and control identified risks;
Allocating knowledgeable personnel to implement BCP Sufficient financial resources to properly implement the BCP; Ensuring that the BCP is reviewed and approved at least annually; Ensuring employees are trained and aware of their roles in the
implementation of the BCP; Reviewing the BCP testing program and test results on a regular basis;
and Ensuring the BCP is continually updated to reflect the current operating
environment.
The organization’s senior management team is responsible for overseeing the BCP process, which includes:
THANK YOU
30
“We all have ability. The difference is how we use it.”- Grammy Award winner Stevie Wonder
(An American singer/songwriter/multi-instrumentalist but BLIND SINCE BIRTH)