Gii Emergency Planning
-
Upload
tomislav-mikolavcic -
Category
Documents
-
view
227 -
download
0
Transcript of Gii Emergency Planning
-
8/6/2019 Gii Emergency Planning
1/58
March 17, 2005 Gerald Isaacson 2005
Emergency Management PlanningBusiness Continuity
IT Partners
-
8/6/2019 Gii Emergency Planning
2/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
A few definitions to get started:
a disaster
The cake I was baking to bring to Xmas dinner
He lost a laptop with the only copy of his thesis
She lost her research and papers in the lab fire
Payroll system failed the day before payday
Asbestos released in a dorm renovation The death of a student
The Northeast blackout
The recent tsunami
-
8/6/2019 Gii Emergency Planning
3/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
a disaster
is an event, often unexpected, that seriously
disrupts your usual operations orprocesses
and can have long term impact on your
normal way of life or that of your
organization.
-
8/6/2019 Gii Emergency Planning
4/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
A few definitions to get started:
RTO [Recovery Time Objective]
the point in time when you must have at
least the critical aspects of your business
operational again.
-
8/6/2019 Gii Emergency Planning
5/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
A few definitions to get started:
RPO [Recovery Point Objective]
The last copy of your data that is out of harms
way hopefully it is recently current.
-
8/6/2019 Gii Emergency Planning
6/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
A few definitions to get started:
Business Continuity Planning
-
8/6/2019 Gii Emergency Planning
7/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
its not rocket science
-
8/6/2019 Gii Emergency Planning
8/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
it is:
a process to minimize the impact of a majordisruption to normal operations
a process to enable restoration of criticalassets
a process to restore normalcy to MIT as soonas possible after a crisis.
it is not just:
recovery of information technology resources
-
8/6/2019 Gii Emergency Planning
9/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
and it is the phase of crisis management
that follows the immediate actions taken to
protect life and property and contain the
event
it begins when the situation has beenstabilized.
-
8/6/2019 Gii Emergency Planning
10/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
and it
is now a
national
standardfor both
the
public
and
private
sectors
-
8/6/2019 Gii Emergency Planning
11/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
An ECAR report in March of this year, from
Baylor Medical Center and the University of
Houston, in the aftermath of hurricane
Allison, posed the following list ofquestions to ask to determine your
resilience to a disaster.
-
8/6/2019 Gii Emergency Planning
12/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
ECAR Research Bulletin Mar 1 2005
-
8/6/2019 Gii Emergency Planning
13/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
An ECAR report in March of this year, from
Baylor Medical Center and the University of
Houston, in the aftermath of hurricane
Allison, posed the following list ofquestions to ask to determine your
resilience to a disaster.
The answers constitute your Business
Continuity Plan
-
8/6/2019 Gii Emergency Planning
14/58
-
8/6/2019 Gii Emergency Planning
15/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
B B
C
V
F W
CV
C
F
Source: Gartner Group and Comdisco
Network Operations Disruptions
Power
ardware
-
8/6/2019 Gii Emergency Planning
16/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
-
8/6/2019 Gii Emergency Planning
17/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
-
8/6/2019 Gii Emergency Planning
18/58
April 19, 2005 Gerald Isaacson 2005
Mt. St. Helens May 1980 new threats arise
Business Continuity Planning
-
8/6/2019 Gii Emergency Planning
19/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Its different now.
-
8/6/2019 Gii Emergency Planning
20/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
ECAR Research Bulletin Mar 1 2005
but we still have the usual concerns
-
8/6/2019 Gii Emergency Planning
21/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
When is it a Crisis?
Continuity Continuum
Minutes Hours Days Weeks
-
8/6/2019 Gii Emergency Planning
22/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
When is it a Crisis?
Continuity Continuum
Minutes Hours Days Weeks
-
8/6/2019 Gii Emergency Planning
23/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
When is it a Crisis?
Continuity Continuum
Minutes Hours Days Weeks
-
8/6/2019 Gii Emergency Planning
24/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
When is it a Crisis?
Continuity Continuum
Minutes Hours Days Weeks
-
8/6/2019 Gii Emergency Planning
25/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
A crisis timeline --
-
8/6/2019 Gii Emergency Planning
26/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Alarm Notification to First Responders
Data center fire
-
8/6/2019 Gii Emergency Planning
27/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Activate the Emergency Operations Center
-
8/6/2019 Gii Emergency Planning
28/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
IT decision to move to a backup facility
-
8/6/2019 Gii Emergency Planning
29/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Assemble IT recovery team at appropriate sites
-
8/6/2019 Gii Emergency Planning
30/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Obtain backup tapes from off-premises storage
-
8/6/2019 Gii Emergency Planning
31/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Acquire and install backup hardware
and network connections
-
8/6/2019 Gii Emergency Planning
32/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Restore Operating System and Network
-
8/6/2019 Gii Emergency Planning
33/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Reload database and other data
-
8/6/2019 Gii Emergency Planning
34/58
April 19, 2005 Gerald Isaacson 2005
Restoration of Critical Processing
Business Continuity Planning
Restore CriticalApplications
-
8/6/2019 Gii Emergency Planning
35/58
-
8/6/2019 Gii Emergency Planning
36/58
-
8/6/2019 Gii Emergency Planning
37/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Recovery Time Objective (RTO)
Do you measure it in hours or weeks?
When do you need to start to reach it on time?
-
8/6/2019 Gii Emergency Planning
38/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
indows are Closing
-
8/6/2019 Gii Emergency Planning
39/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Increasing dependencies on electronic
capabilities to do your job have shortened
the recovery timeframe.
-
8/6/2019 Gii Emergency Planning
40/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Increasing dependencies on electronic
capabilities to do your job have shortened
the recovery timeframe.
This often leads to a disconnect between
users expectations and the organizationsability to meet them.
-
8/6/2019 Gii Emergency Planning
41/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Lucent technologies
Move to
Alternate
Site
Return
Home
Resume
Business
Data Synchronization
Restore Technology Capability
Restore Communications
Restore Business unctions
Notifications
ital Records
Lost Data
Data Recovery Objective
Recovery Time Objective
(If necessary)
High Level Look at a Recovery Effort
-
8/6/2019 Gii Emergency Planning
42/58
-
8/6/2019 Gii Emergency Planning
43/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases
Understand the need
Define the risk to the DLC and define the
level of criticality
-
8/6/2019 Gii Emergency Planning
44/58
-
8/6/2019 Gii Emergency Planning
45/58
-
8/6/2019 Gii Emergency Planning
46/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases Understand the need
Define the risk to the DLC and define the levelof criticality
Give an individual responsibility and authorityfor overall planning
Ensure that organizational units accounting, facilities, residential life,
laboratories, etc. understand theirindividual responsibility for recovery oftheir operations.
-
8/6/2019 Gii Emergency Planning
47/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases
DLCs develop their FARM (Functional
Area Recovery Management) teams
The Business Continuity Planning Team
(BCMT) consists of FARM Team
Coordinators
The BCMT is represented at the MIT
Emergency Operations Center (EOC)
-
8/6/2019 Gii Emergency Planning
48/58
-
8/6/2019 Gii Emergency Planning
49/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
The Table of
Contents from
the TLO FARM
Team Plan
-
8/6/2019 Gii Emergency Planning
50/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Key Plan Components
Contact list up to date
-
8/6/2019 Gii Emergency Planning
51/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Key Plan Components
Contact list up to date
Resources needed not just computing
-
8/6/2019 Gii Emergency Planning
52/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Key Plan Components
Contact list up to date
Resources needed not just computing
Emergency procedures
-
8/6/2019 Gii Emergency Planning
53/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases
Document the plans for each department,
lab or center Use a common template or framework
Plan review by Business Continuity
Management Team (BCMT) and
Information Systems & Technology
-
8/6/2019 Gii Emergency Planning
54/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases
Test, test, test
-
8/6/2019 Gii Emergency Planning
55/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Simulation Testing MITs Central Utility Plant
On an August afternoon, a fuel line rupture in theCentral Utility Plant results in a fire.
When the sprinkler system operates, the ensuing
flood creates a hazardous waste issue due to the oiland ACM.
The sprinkler operation also operates protectivedisconnects and the power is shut down.
There have been 5 injuries of CUP workers
because of this incident. After about 4 hours it is determined that the CUPs
clean up and return to service will take at least 24hours, and the 80% of the campus that the CUPserves will remain without power.
-
8/6/2019 Gii Emergency Planning
56/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Continuity Plan Development Phases
Test, test, test
Maintain the plans a very difficultprocess but critical to the long term
viability of any plan
-
8/6/2019 Gii Emergency Planning
57/58
April 19, 2005 Gerald Isaacson 2005
Business Continuity Planning
Whats next?
Who should we be talking to in your area?
Who should we be talking to who is not
here?
Any overall concerns about the project?
Any specific concerns that we should beaddressing?
-
8/6/2019 Gii Emergency Planning
58/58
A il 19 2005 G ld I 2005
Business Continuity Planning
Gerald Isaacson, CISSP illiam McShea, C PS
[email protected] [email protected]
617 253-1440 617 253-9491
32-013 32-013
web.mit.edu/bcmt http://web.mit.edu/environ
ment/ehs/