Date post: | 07-May-2015 |
Category: |
Documents |
Upload: | timothy212 |
View: | 2,366 times |
Download: | 4 times |
Copyright © 2002 VERITAS Software Corporation. All Rights Reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies.
Copyright © 2002 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS logo, and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation. VERITAS and the VERITAS Logo Reg. U.S. Pat. & Tm Off. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies.
The Importance of Business Impact Analysis
Hugh F. Shannon Jr.
Enterprise Architect
VERITAS Software
What the experts are saying
Gartner (Roberta Witty, Donna Scott)Disaster Recovery Plans and Systems Are Essential
12 September 2001
"Two out of five enterprises that experience a disaster go out of business within five
years. Business continuity plans and disaster recovery services ensure
continuing viability.”
What Are We Doing About It ?
• 72% Of All Businesses Have Either…– No Business Continuity Plan– Never Tested Their Plan– Their Plan Failed When They Tested It
• Only 18% Of End User Data Is Protected*
*VERITAS Disaster Recovery Survey 2002.
Frequency of Downtime
Fre
qu
ency
Type of Disaster Scenario
Natu
ral Disas
ter
Po
litical Even
ts
User E
rror
Po
wer O
utag
e
Data C
orru
ptio
n
H/W
Failu
re
Disaster Recovery Planning Cycle
The Business Challenge
TheTheWideningWideningGapGap
Requires continuous information availability – BY DESIGNRequires continuous information availability – BY DESIGN
Increasing cost of information unavailability
More business onlineMore applications & data
Ability to deliver through traditional recovery planning
More complex systemsLess window to recover
KPMG
The Challenge of Recovery
File and Print
Web Server
eBusiness
SecsMinsHrsDays Wks Secs Mins Hrs Days Wks
Recovery TimeRecovery TimeRecovery Recovery PointPoint
Recovery Point Objective (RPO)
“How fresh does your data need to be ?”
Recovery Time Objective (RTO)
“What is your downtime tolerance ?”
Disaster Recovery Technologies
Sync.Replication
Async.Replication
Tape Backup
Tape Restore
Clustering
OnlineRestore
Remote Replication
SecsMinsHrsDays Wks Secs Mins Hrs Days Wks
Recovery PointRecovery Point Recovery TimeRecovery Time
Storage Management Costs
• “An Enterprise Spends $3 Managing Storage For Every $1 Spent On Storage Hardware”
0%
20%
40%
60%
80%
100%
Time
IT B
udge
t
Hardware
Software
Labor
Gartner, Nov 2001
What is Business Impact Analysis?
• A technique for identifying both tangible and intangible impacts on a business process, function or department usually over time, based on given criticalities.
• It provides senior management with the information to devise a recovery strategy and recovery prioritization.
• Provides supporting data to define an appropriate DR program budget.
Business Impact Analysis
• Identifies who and what are vital to the business’s survival.– Internal – suppliers, customers, shareholders, IT
systems, manufacturing processes.– External – government departments, regulators, trade
bodies, competitors, pressure groups.
• Evaluates recover priorities and time scales.– Criticality of each function to business survival.
• Assesses the potential cost of disaster.– Direct and indirect costs of loss of service capability.
Business Impact Analysis
• Identifies the high risk areas of the existing infrastructure– Single points of failure– Recovery time limitations
• For IT systems in particular:– Identifies the business critical applications and the
systems they run on.– Identifies the areas of vulnerability within the
environment.
Business Impact Analysis
• Focuses on the delivered service:– Business applications: CRM, order processing, dispatch, billing
etc.– Internal applications: pay roll, HR etc.– Communications: e-mail, web sites etc.
• IT may have become the business.• How does not having the capability affect the
business?– Is the application critical to the business?– Is the function duplicated elsewhere– What viable alternatives exist?
Costs of a Disaster• Loss of vital records• Fee collection• License issuance• Welfare delivery• Child protection• Police protection• Brand image recovery• Loss of share value • Loss of interest on overnight
balances; cost of interest on lost cash flow
• Delays in customer accounting, accounts receivable and billing/invoicing
• Loss of control over debtors• Loss of credit control and
increased bad debt.• Delayed achievement of
benefits of profits from new projects or products
• Cost of replacement of buildings and plant
Costs of a Disaster (cont’d)• Loss of revenue for service
contracts from failure to provide service or meet service levels
• Lost ability to respond to contract opportunities
• Penalties from failure to produce annual accounts or produce timely tax payments
• Where company share value underpins loan facilities, share prices could drop and loans be called in or be re-rated at higher interest levels.
• Cost of replacing equipment• Cost of replacing software• Salaries paid to staff unable to
undertake billable work• Salaries paid to staff to recover
work backlog and maintain deadlines
• Cost of re-creation and recovery of lost data
• Loss of cash flow• Interest value on deferred
billings
Costs of a Disaster (cont’d)
• Penalty clauses invoked for late delivery and failure to meet Service Levels
• Loss of customers (lifetime value of each) and market share
• Loss of profits• Additional cost of credit through
reduced credit rating• Recruitment costs for new staff
on staff turnover
• Training / retraining costs for staff
• Fines and penalties for non-compliance
• Liability claims• Additional cost of advertising,
PR and marketing to reassure customers and prospects to retain market share
• Additional cost of working; administrative costs; travel and subsistence etc.
Disaster Costs Summary
Lost Revenue• Direct Loss
• Compensatory Payments
• Lost Future Revenues
• Investment Loss
Productivity Loss• Number of Fully Burdened
Employee impacted
Damaged Reputation • Customer, Suppliers,
Partners, Banks, Financial Markets
• Credit Ratings
Delayed Collections• Billing Losses
• Missed Discounts
Extra Expense• Cost to Recover
• Overtime Expense
• Increased Fraud Risk
• Increased Error Rate
• Travel Expenses
• Temporary Employees
Penalties • Contractual
• Regulatory
• Legal
DRI International
Disaster Recovery Benefits
• Reducing legal liability
• Minimizing potential economic loss
• Decreasing potential exposure
• Reducing the probability of a disaster occurrence
• Reducing disruption to normal operations
• Ensuring organizational stability
• Ensuring orderly recovery
Disaster Recovery Benefits
• Minimizing insurance premiums
• Reducing reliance on key personnel
• Increasing asset protection
• Ensuring safety of personnel and customers
• Complying with legal, statutory, and regulatory requirements
Business Impact Analysis Benefits
• Helps business and IT identify and prioritize critical systems and applications as they support business functions.
• Helps identify and define recovery priorities.• Determines the cost of downtime which will
help define a reasonable DR budget.• Provides hard data to present to management
to justify the DR budget.
What about my Y2K plans?
• It’s 3 years old now.• Your business priorities have changed.• Your environment has changed.
– More systems, more data, more sites, more critical applications, more services to provide.
– Fewer people who generally have less time to take systems down for maintenance and system administration.
– Your support environment may have well changed too.
What about my Y2K plans?
• Y2K plans generally did not address cost issues of an outage.
• Y2K plans do not provide the necessary prioritized cost justification data (that a Business Impact Analysis would) in order for senior management to make informed decisions on implementing disaster recovery technologies.
Business Impact of No BIA
• “CIOs who fail to conduct a business impact analysis risk over-committing or under-investing resources in disaster prevention and contingent recovery operations. ”
META Group
Bottom Line
• “Savvy CIOs address disaster recovery requirements by leading with a business impact analysis to balance risks with the cost of disaster prevention/mitigation controls and contingent solutions.”
META Group
Copyright © 2002 VERITAS Software Corporation. All Rights Reserved. VERITAS, VERITAS Software, the VERITAS logo, and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation in the US and/or other countries. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies.
Copyright © 2002 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS logo, and all other VERITAS product names and slogans are trademarks or registered trademarks of VERITAS Software Corporation. VERITAS and the VERITAS Logo Reg. U.S. Pat. & Tm Off. Other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies.