Business continuity
Transcript of Business continuity
What is Business Continuity ?
Business contingency is the practice of formally preparing for variations in the business environment.
These variations can be of any kind, but the primary aim of business contingency planning is to ensure the survival of an organization by preparing for, reacting to, and adjusting to those variations.
Business continuity(BC) refers to the ability of a business to maintain continuous operations in the face of disaster
Continuous availability of IT
continuous availability to be ensured since organisations have become dependent on technology and if information technology (IT) resources suddenly become unavailable, all supporting business processes of that organization generally cannot continue, and this threatens the survival of an organization
Success, recovery or failure?
Time
Level
of
bu
sin
ess
Critical
recovery point
B
No BCM – lucky
escape
C No BCM –
usual outcome
A
Fully tested
effective BCM
THE BUSINESS CONTINUITY MANAGEMENT CYCLE
2
P
1
5
4 3
Understanding
Your Business
Business
Continuity Managem Strategies
Develop and
Implement BCM
Plans & Solution(s)
Building &
Embedding a
BCM Culture
Exercising,
Maintenance
and Audit
B C M
Programme
Management
Building Business Continuity Plan
form a core team from all segments of the business or organization
review all of the existing BC plans (if available).
understand the benefits of developing a BCP policy statement
Establish Project Objectives and Deliverables
Step 1. Project Initiation
Identify customer and business requirements
Identify external dependencies (i.e., government, industry, and legal)
Perform a business risk assessment
Obtain management support
Implement project planning and control process
Step 2. Business Impact Analysis
Define criticality criteria
Identify vital business processes, applications, data, equipment, etc.
Determine impact on business processes
Identify interdependencies
Define recovery time objectives
Step 3. Recovery Strategies
Identify process and processing alternatives and offsite data backup alternatives
Identify communications backup alternatives
Identify recovery strategy alternatives (replace, outsource, manual, etc.)
Formulate strategy based on optimum cost-benefit and risk
Review strategy with recovery teams, management, and customers
Step 4. Plan Development
Define disaster recovery teams, authority, roles, and responsibilities
Develop notification and plan activation procedures
Create emergency response procedures
Create detailed recovery procedures
Develop plan distribution and control procedures
Step 5. Plan Validation/Testing
Develop test plans and objectives
Conduct simulations
Perform tests
Evaluate test results
Perform plan process improvements based on test results
Step 6. Maintenance and Training
Develop BCP maintenance process
Consolidate revision information
Develop revised BCP, as required
Create corporate awareness program
Develop BCP-specific training program
Needs Analysis and Initiation Phase
Match system requirements to their related operational processes
Identify Very high system availability requirements –redundant, real-time mirroring at an alternate site and fail-over capabilities to be built into the design
Evaluate IT system to determine recovery priority
Development/Acquisition Phase
Incorporate redundancy and robustness directly into the system architecture to optimize reliability, maintainability, and availability during the Operation/Maintenance Phase
Set priorities of recovery if multiple applications are set as contingent measures.
• Consider redundant communications paths;
• lack of single points of failure;
• enhanced fault tolerance of network components and interfaces;
• power management systems with appropriately sized backup power sources; load balancing; and data mirroring and replication to ensure a uniformly robust system.
Address requirements for the alternate site
Implementation Phase
Develop a test plan
Test accuracy and effectiveness of technical features and recovery procedures of contingency strategies
Clearly document the contingency measures in the contingency plan
Operation and Maintenance Phase
Conduct training and awareness programme on contingency plan procedures to users, administrators, and managers
Ensure Exercises and tests and make it continue to be effective
Regular backups should be conducted and stored offsite
Update plans to reflect changes to procedures based on lessons learned
Disposal Phase
Current system (Legacy) is replaced with a new system
Do not neglect contingency considerations until the new system is operational & fully tested
The legacy system itself can become a backup system.
The legacy system can be used as a test system for the new system to identify its potentially disruptive system flaws.