Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal...

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal

2006. IT Consulting LLC. All Rights Reserved. Disaster Recovery Plan IT systems Corporate processes and procedures BCP/DR & Emergency Preparedness Plan Business continuity, emergency management and disaster recovery are interconnected to protect, recover and resume business operations

2006. IT Consulting LLC. All Rights Reserved. How to initiate a BCP? Perform in-depth review of existing DRP and perform immediate improvements as appropriate. Establish a GCE Project Sponsor and Steering Committee. Establish Business Continuity Definitions, Terms and Assumptions

2006. IT Consulting LLC. All Rights Reserved. Initiate Business Continuity Management Risk Assessment Business Impact Analysis Strategy Evaluation and Selection BR Organization and Responsibilities Develop Standard Operating Procedures Develop IT Recovery Plans Implement stand-by arrangements Implement Risk Reduction Measures Quality Assurance Stage 1 Initiation Stage 2 Requirements and Strategy Stage 3 Implementation Stage 4 Operational Management Education and Awareness Review and Audit Testing Change Management Training Business Continuity Lifecycle 2006. IT Consulting LLC. All Rights Reserved.

Schedule for BCP/DR (SOW) CURRENT STATE TARGET STATE 20062007 STABILIZE OPTIMIZE TRANSFORM Project Initiation Scope / Assumptions Schedule Team Contract Review / Validate Existing BCP/DR processes & procedures for ability to meet SLAs Deliverable (RA) Deliverable (BIA) Initiate Risk Assessment (RA) Initiate Business Impact Analysis (BIA) Recommend immediate updates to current procedures as appropriate Plan Annual Exercise Conduct Annual Exercise Periodic Review/ Validate BIAs And DRPs Coordinate Regular DR Tests per SLAs DR not a priority DR plans not updated to meet new business req. Plans not tested DR HW out-dated New BCP/DR Plan Annual Testing Constant Update Periodic BIAs validations Updated HW Management commitment Initiate Strategy Evaluation And Selection Deliverable (SES) Project Planning Project Execution Develop Recovery Plans Develop Procedures Implementation Deliverable (Exercise Result) Hurricane Season Starts Implement Critical Functions

2006. IT Consulting LLC. All Rights Reserved. Risk and Business Impact Analysis Analysis Team Members Individuals from each functional business unit DR consultants from IT Consulting Analysis Team Responsibility Plan & conduct Risk & Business Impact Analysis Report findings to management

2006. IT Consulting LLC. All Rights Reserved. Risk and Business Impact Analysis Data Gathering Cross-functional analysis Interviews, Meetings, Questionnaires, Polls On-site and electronic conferences Data Storage and Distribution Stored on LAN Software: Microsoft Office Distributed by mail, email, LAN, face to face

2006. IT Consulting LLC. All Rights Reserved. Risk Analysis Risk Evaluation Areas Geographical Locations Building Composition Upstream, Downstream, Corporate, & IT Physical access controls and security Computing environments Personal practices Operating practices Backup practices

2006. IT Consulting LLC. All Rights Reserved. Risk Analysis Items Included in Risk Analysis List of potential disasters/crisis Impact to people, assets, environment, reputation Likelihood of occurrence Severity rating based on impact and likelihood Others

2006. IT Consulting LLC. All Rights Reserved. People and Disasters Disaster Awareness and Training Detailed Evacuation Plans Evacuation Drills Emergency Communication Processes Contact Information for All Employees Laptops for Critical Functions

2006. IT Consulting LLC. All Rights Reserved. Business Impact Analysis Critical Functions Questionnaire Is function time critical? Can function be performed at reduced efficiency? Max time function can be unavailable? Loss of revenue? Fines or penalties? Legal liabilities? Loss of public image? Others

2006. IT Consulting LLC. All Rights Reserved. Business Impact Analysis Steps in Analysis Compare to risk analysis Develop matrix of critical functions, risks, impacts Review with stakeholders/management

2006. IT Consulting LLC. All Rights Reserved. Steps for a Disaster Recovery Plan Identify staffing requirements Identifying recovery strategies Selecting recovery strategies Draft Creation of disaster recovery plan Testing the disaster recovery plan

2006. IT Consulting LLC. All Rights Reserved. Time to recover Money Maximum cost of plan Acceptable Downtime Cost (RTO) Loss (RPO) Relationship between RTO, RPO & Cost Recovery Point Objective (RPO): Refers to the point in time to which data must be recovered. Recovery Time Objective (RTO): Refers to the acceptable time period within which the business functions should be restored and made available to ensure normal functioning of the organization. Weeks Days Hrs SecsSecs Hrs Days Weeks DISASTER RPO RTO

2006. IT Consulting LLC. All Rights Reserved. Identifying Recovery Strategies Computer facilities recovery strategy Hot sites, Cold sites, Mirror sites, etc Data and documentation recovery strategies RPO, RTO Department recovery strategies Business Functions Telecommunication recovery strategies Voice and Data

2006. IT Consulting LLC. All Rights Reserved. GCE Global Operations Corporate Headquarters Division Headquarters European Headquarters Asia Pacific Headquarters Houston: Corporate Upstream Downstream Real Estate IT ~4K employees Lockport, LA: Upstream Real Estate IT ~1K employees Brussels: Upstream IT ~200 employees Kuala Lumpur Upstream IT ~150 employees

2006. IT Consulting LLC. All Rights Reserved. Oil Platforms Operations/Support Datacenter Developer Datacenter Support/Op. Personnel Office Developers & PM Office Developers & PM Office COLDSITE MIRRORED Operations/Support Datacenter MIRRORED Developer Datacenter Support/Op. Personnel HOTSITE

2006. IT Consulting LLC. All Rights Reserved. Steps for a Disaster Recovery Plan Identifying recovery strategies Selecting recovery strategies Draft Creation of disaster recovery plan Reviews and discussion sessions Finalize and Sign-off Testing the disaster recovery plan Initial Test Subsequent annual tests

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal

2006. IT Consulting LLC. All Rights Reserved. Total Project Cost: $3.1 Million .51% of GCE 2005 Income of $600M .03% of GCE 2005 Revenue of $10B Costs based on work completed through DR implementation for Critical systems (June 1, 2007) Project Cost Estimates GCE losses estimated to be $1 Million a day without a comprehensive disaster recovery plan.

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal...

Documents

Transcript of Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal...