Bussiness continuity
-
Upload
atharabbas -
Category
Business
-
view
291 -
download
1
description
Transcript of Bussiness continuity
PREPARED BY ATHER ABBAS
B.TECH IV YEARCOMPUTER SCIENCE AND
ENGINEERING
BUSSINESS CONTINUITY
INTRODUCTION STANDARDS
PROGRAM POLICIES
BC/BCM PLAN BC/BCM PLANNING
RESOURCE PLANNING AND DEVELOPMENT ORGANIZATIONAL STRUCTURE BUSSINESS IMPACT ANALYSIS
SECURITY MANAGEMENT CONCLUSION
OVERVIEW
BUSINESS CONTINUITY IS THE ACTIVITY PERFORMED BY AN ORGANIZATION TO ENSURE THAT CRITICAL BUSINESS FUNCTIONS WILL BE
AVAILABLE
TO CUSTOMERS, SUPPLIERS, REGULATORSAND OTHER ENTITIES THAT MUST HAVE ACCESS
TO THOSE FUNCTIONS. THESE ACTIVITIES INCLUDE MANY DAILY CHORES SUCH AS PROJECT
MANAGEMENT, SYSTEM BACKUPS, CHANGE CONTROL, AND HELP DESK. BUSINESS
CONTINUITY IS NOT SOMETHING IMPLEMENTED AT THE TIME OF A DISASTER; BUSINESS
CONTINUITY REFERS TO THOSE ACTIVITIES PERFORMED DAILY TO MAINTAIN SERVICE,
CONSISTENCY, AND RECOVERABILITY.
INTRODUCTION
ONGOING MANAGEMENT-LEVEL PROCESS TO ENSURE THAT NECESSARY STEPS ARE
REGULARLY TAKEN TO IDENTIFY PROBABLE ACCIDENTS, DISASTERS, EMERGENCIES, AND/OR THREATS. IT
ALSO INVOLVES (1) ASSESSMENT OF THE PROBABLE EFFECT OF SUCH EVENTS, (2)
DEVELOPMENT OF RECOVERY STRATEGIES AND PLANS, AND (3)
MAINTENANCE OF THEIR READINESS THROUGH PERSONNEL TRAINING AND
PLAN TESTING.
PROGRAM
POLICIES ARE THOSE THINGS MANDATED BY THE MANAGEMENT OF AN ORGANIZATION THAT WILL
ALWAYS BE PERFORMED ACCORDING TO A PRESET DESIGN
PLAN, AND SUPPORTING ALL BUSINESS FUNCTIONS WITHIN AN
ORGANIZATION.
POLICIES
THE COMPONENTS OF THE BUSINESS CONTINUITY METHODOLOGY REQUIRED
FOR MANIFESTATION INTO A DOCUMENTED PLAN INCLUDE:
SET OF DOCUMENTS, INSTRUCTIONS, AND PROCEDURES WHICH ENABLE A
BUSINESS TO RESPOND TO ACCIDENTS, DISASTERS, EMERGENCIES, AND/OR
THREATS WITHOUT ANY STOPPAGE OR HINDRANCE IN ITS KEY OPERATIONS. ALSO CALLED BUSINESS RESUMPTION PLAN, DISASTER RECOVERY PLAN, OR
RECOVERY PLAN.
BC/BCM PLAN
TASK OF IDENTIFYING, DEVELOPING, ACQUIRING, DOCUMENTING, AND
TESTING PROCEDURES AND RESOURCES THAT WILL ENSURE CONTINUITY OF A
FIRM'S KEY OPERATIONS IN THE EVENT OF AN ACCIDENT, DISASTER,
EMERGENCY, AND/OR THREAT. IT INVOLVES (1) RISK MITIGATION
PLANNING (REDUCING POSSIBILITY OF THE OCCURRENCE OF ADVERSE EVENTS), AND (2) BUSINESS RECOVERY PLANNING (ENSURING CONTINUED OPERATION IN
THE AFTERMATH OF A DISASTER).
BC/BCM PLANNING
THE CONCEPT OF BUSINESS CONTINUITY IMPLIES THE UNDERLYING RESOURCES ARE IMPLEMENTED AND DEPLOYED IN SUCH A WAY, THAT LENDS ITSELF TO BEING RE-IMPLEMENTED AND OR RE-DEPLOYED ON AN AS NEEDED BASIS. THIS LEVEL OF FLEXIBILITY REQUIRES THAT BUSINESS FUNCTIONS ARE PLANNED AND DEPLOYED BEGINNING FROM AN OVERALL MENTALITY OF BUSINESS CONTINUITY, AND WORKING DOWNWARD TO SYSTEMS DESIGN. CONVERSELY, WORKING IN THE OPPOSITE DIRECTION, FROM THE SYSTEMS UP, ALWAYS RESULTS IN INFLEXIBLE BUSINESS FUNCTIONS THAT ARE DIFFICULT TO MANAGE, MAINTAIN, AND MODIFY.
RESOURCE PLANNING AND DEVELOPMENT
PART OF BUSINESS CONTINUITY IS ENSURING THAT ALL PERSONNEL IN AN ORGANIZATION UNDERSTAND WHICH BUSINESS FUNCTIONS
ARE THE MOST IMPORTANT TO THE BUSINESS. THIS UNDERSTANDING MUST BE MANIFESTED IN PERSONNEL TRAINING TO TAKE OVER THOSE BUSINESS FUNCTIONS WHEN PERSONNEL ENTER OR LEAVE THE
COMPANY DURING NORMAL BUSINESS OPERATIONS. REDUNDANCY OF SKILLS IS
ALSO VERY IMPORTANT IN THE EVENT OF A DISASTER, WHEN THE AVAILABILITY OF
KNOWLEDGEABLE PERSONNEL WITH CRITICAL SKILLSETS MAY BE
UNPREDICTABLE.
ORGANIZATIONAL STRUCTURE
THE ENTIRE CONCEPT OF BUSINESS CONTINUITY IS BASED ON THE IDENTIFICATION OF ALL BUSINESS FUNCTIONS WITHIN AN ORGANIZATION, AND THEN
ASSIGNING A LEVEL OF IMPORTANCE TO EACH BUSINESS FUNCTION. A BUSINESS IMPACT ANALYSIS
IS THE PRIMARY TOOL FOR GATHERING THIS INFORMATION AND ASSIGNING CRITICALITY,
RECOVERY POINT OBJECTIVES, AND RECOVERY TIME OBJECTIVES, AND IS THEREFORE PART OF THE BASIC
FOUNDATION OF BUSINESS CONTINUITY.IT CAN BE USED TO IDENTIFY EXTEND AND
TIMESCALE OF THE IMPACT ON DIFFERENT LEVELS OF AN ORGANIZATION. FOR INSTANCE IT CAN EXAMINE
THE EFFECT OF DISRUPTION ON OPERATIONAL, FUNCTIONAL AND STRATEGIC ACTIVITIES OF AN
ORGANIZATION. NOT ONLY THE CURRENT ACTIVITIES BUT THE EFFECT OF DISRUPTION ON MAJOR BUSINESS CHANGES, INTRODUCING NEW PRODUCT OR SERVICES
FOR EXAMPLE, CAN BE DETERMINED BY BIA.
BUISSINESS IMPACT ANALYSYS
A PARTICULARLY AGGRESSIVE PACE OF BUSINESS CHANGE
S IGNIFICANT CHANGES IN THE INTERNAL BUSINESS PROCESS
S IGNIFICANT CHANGES IN LOCATION OR TECHNOLOGY
S IGNIFICANT CHANGES IN THE EXTERNAL BUSINESS ENVIRONMENT -SUCH AS MARKET OR REGULATORY
CHANGE
Good practice indicates that a Business Impact Analysis should
be reviewed as a minimum annually but more frequently in
the event of
IN TODAY'S GLOBAL BUSINESS ENVIRONMENT, SECURITY MUST BE THE TOP PRIORITY IN MANAGING INFORMATION TECHNOLOGY.
FOR MOST ORGANIZATIONS, SECURITY IS MANDATED BY LAW, AND CONFORMANCE TO THOSE MANDATES IS INVESTIGATED REGULARLY IN THE FORM OF AUDITS.
FAILURE TO PASS SECURITY AUDITS CAN HAVE FINANCIAL AND MANAGEMENT CHANGING IMPACTS UPON AN ORGANIZATION.
SECURITY MANAGEMENT
FOR THE EFFICIENT RUNNING OF ANY BUSINESS ,THE
BUSINESS CONTINUITY LIFE CYCLE CAN BE ADOPTED. THE
BUSINESS CONTINUITY MANAGEMENT HELPS IN
DETERMINING THE POTENTIAL THREATS TO ANY
BUSINESS IN ADVANCE.
Conclusion
THANK YOU