bcpbestpractices
Author: Arundel0
Added: October 05, 2007
Category: Product Training
License: All Rights Reserved

Presentation Transcript

New E-Commerce Risks:
- Human error / operations risk
- Content/application
- Links to third parties
- Outsourced service providers
- Performance/capacity
- Security incidents
- Planned/unplanned downtime

E-Commerce BC: New Rules/New Realities:
- IT and business process management are integrated: no longer solo views
- Production costs increase: there is no separate budget for BCP
- Risk identification and management take on a matrix management focus, e.g., technology, financial, trading, operations
- Problems are public: IT and business problem management must be integrated, with root cause analysis
- You are only as strong as your weakest link (good application, bad operations)
- Contingency plans become critical when automation isn't there: every component of the business process must now have a plan

BC Components (Crisis Management spans all four):
                  | Disaster Recovery                            | Business Recovery                                  | Business Resumption             | Contingency Planning
Objective         | Mission-critical applications                | Mission-critical business processing (workspace)   | Business process workarounds    | External event
Focus             | Site or component outage (external)          | Site outage (external)                             | Application outage (internal)   | External behavior forcing change to internal
Deliverable       | Disaster recovery plan                       | Business recovery plan                             | Alternate processing plan       | Business contingency plan
Sample event(s)   | Fire at the data center; critical server failure | Electrical outage in the building              | Credit authorization system down | Main supplier cannot ship due to its own problem
Sample solution   | Recovery site in a different location        | Recovery site in a different power grid            | Manual procedure                | 25% backup of vital products; backup supplier

Creating Business Continuity Plans:
Project (one-time) process:
- Business Continuity Planning Initiation (policy, scope, resources, organization)
- Business Impact Analysis
- Risk Analysis
- Risk Reduction
- Group Plans and Procedures
- Implement Standby Facilities
- Create Planning Organization
- Testing
Ongoing process:
- Change Management
- Education
- Testing
- Review

Obtaining Management Commitment (catalysts):
- Awareness programs
- Fiduciary responsibility
- BIA and risk assessment

Security Incident Detection and Response:
- Prevention/planning
- Detection
- Incident response
- Investigation
- Evidence
- Legal action

Project Life Cycle (security and BC/DR activities by phase):
Business Requirements:
- Identify technology and business continuity risks from a business perspective (BIA/risk analysis, RTO/RPO)
- Ensure complete cost estimate
- Ensure appropriately protected end product
- Assess risks of new technology products
System Architecture:
- Identify secure infrastructure requirements
- Identify secure administrative requirements
- Establish security responsibilities and service-level regulations
- Identify BC/DR strategies
- Establish security test strategy
System Design:
- Translate security architecture to detailed security infrastructure design
- Develop security baselines for new technologies/products
- Develop detailed security administration design
- Develop detailed BCP/DR design/strategy
- Develop draft SLAs
- Develop security test plan
Construct:
- Build/code security infrastructure environment and processes
- Build/code security administration environment, roles/profiles and processes
- Build BCP/DR environment, plans and processes
- Build/code security test plan, processes, scripts and test environment
- Train secure administrative, operations and business unit staff
Test:
- Identify security noncompliance issues
- Identify new security exposures
- Test BCP/DR plans to ensure that RTO/RPO is attainable
Implement:
- Turn over secure application infrastructure to production
- Implement secure administrative roles/profiles
- Implement business continuity/DR environment
Post-Implement:
- Identify changes to the tested environment
- Finalize secure administration environment and processes
- Finalize security infrastructure environment and processes
- Finalize BCP/DR environment, plans and processes
- Assess SLA accuracy
- Finalize risk acceptance with business
- Ensure that information security policies are current

E-Commerce BC: Integrated Processes (roles and functions in the diagram):
- Business Process Owner
- Architecture and Standards: application and tech design; business continuity operations architecture and design
- IT Operations: problem, change, performance, DR
- Risk Management: financial, technology, operations
- Information Security: security incident identification/response design; rules and tools
- Recovery/continuity strategy/design and IT recovery management
- E-Biz Project Manager, Business Manager, Risk Manager, Business Continuity Manager
- Audit (financial and EDP), IT, Information Security, Business Operations, Legal/Compliance, HR/Public Relations
- E-Biz Recovery Team: business continuity strategy/design
- OSPs/business partners

Problem Management Life Cycle:
Stages:
- Problem identification and impact assessment
- Problem status/communication
- Problem prevention and planning
- Problem resolution
- Root cause analysis
Problem management team:
- Business Process Owner
- Customer/Partner Relationship Owner
- Risk Management
- Business Continuity
- Information Security
- IT Technical Support
- IT Applications Support
- Vendors/OSPs/third parties
- Legal/Compliance
- Public Relations

Too Much Testing and Reporting Is Never Enough:
Matrix of BCP phase (rows) against location, business process or department (columns: Accounts Payable, Accounts Receivable, Cash Mgmt., R&D, Prod. Eng., Order Fulfillment):
- Impact Analysis
- Risk Analysis
- Strategy
- Resources Committed
- Last Tested
- Change Mgmt.
- Last Major Review
- Workable Solution
- Audit
Management reporting is critical.

What Is Your Cost of Downtime?:
- Revenue: know your downtime costs per hour, day, two days...; direct loss, compensatory payments, lost future revenue, billing losses, investment losses
- Productivity: number of employees impacted x hours out x burdened hourly rate
- Damaged reputation: customers, suppliers, financial markets, banks, business partners...
- Financial performance: revenue recognition, cash flow, lost discounts (A/P), payment guarantees, credit rating, stock price
- Other expenses: temporary employees, equipment rental, overtime costs, extra shipping costs, travel expenses...

Applying High Availability to Disaster Recovery:
Chart of recovery time (72 hours, 48 hours, 24 hours, 12 hrs., minutes) against cost; shorter recovery times cost more:
- Standard recovery: database and/or file and/or object backup
- Electronic vaulting
- Electronic journaling: log/journal transfer (continuous or periodic)
- Shadowing: database and/or file and/or object replication
- Mirroring
- Hot standby or load-balanced: assumes mirroring or shadowing plus a complete application environment
Cost indicators as they appear on the chart (net, host, disk, tape, application; $ low to $$$$+ high): net $ host $ disk $ tape $ | net $ tape $ | net $-$$+ host $$+ disk $$$$+ | net $$$+ host $$+ disk $$$$+ | net $$$+ host $$$+ disk $$$$+ | appl. $+

Designing E-Commerce Applications for No Single Point of Failure:
- Standby or active geographic load balancer in front of two sites
- Per site: site load balancer, web server clusters, application server clusters, database clusters
- Database replication and transaction replication between the sites' database clusters

Data Replication for Continuous Availability:
Replication method                          | Examples
Disk-to-disk mirroring (disk-based)         | EMC SRDF, Compaq DRM, IBM PPRC and XRC, HDS HARC and HRC
Log-based DBMS replication (host-based)     | Quest Shareplex, Oracle Standby Database, ENET RRDF, SQL Server 2000
Server-based block or file replication      | Legato Octopus, NSI Doubletake, Veritas SRVM
Application-based replication               | Typically implemented with message-queuing middleware

Emerging Technologies/Services:
- Capacity on demand / emergency back-up
- Wide-area clusters: HP Continental Clusters, IBM Geographically Dispersed Parallel Sysplex
- Cascading data replication: operational site (disks, host) over high-bandwidth fiber to a metropolitan/regional recovery facility (disks, host, tape backup/archival), cascading on to the primary recovery site (disks, host)

Disaster Recovery: Market Dynamics:
- 2000: warm site and mobile recovery; quick ship
- 2004: warm site and mobile recovery; quick ship; high-availability-based service; load-balanced (2+ sites)

Resource Internally or Externally:
Internal:
- You have an alternative facility (50 km distant)
- BC vendors have insufficient capacity
- BC is a recognized and respected discipline
- You cannot economically benefit from syndication
External (dedicated or shared):
- You do not have an alternate facility
- You desire multisite continuous availability or hot standby support
- RTOs/RPOs are very short
- You want to focus on core competencies
- Getting management sign-off for dedicated capital is difficult
- Experience of supporting an invocation is important
- Your planning scenarios include loss of technical staff

North American Business Continuity Market:
Full-service providers:
- Comdisco Recovery Services and Web Availability Services
- IBM Business Continuity Recovery Services and Outsourcing Services
- SunGard Recovery Services and E-Sourcing
Services offered:
- Professional services
- Planning software
- Hot/warm/cold standby
- Mobile/static facilities
- Mainframe/midrange/desktop
- Quick ship
- Business continuity and Internet services
- Peripherals, networks, work area
- Specialized ancillary services such as check processing and data recovery
What's new: full-service Web hosting with BC "designed in," multisite infrastructures for continuous availability, and Web site and network "throttling" for performance.

Negotiating a Favorable BC Contract: Balance Risk With Economies of Scale:
Cost:
- Always use competitive tendering, even at renewal
- Keep contracts to three years
- Unbundle contract costs
- Understand upgrade costs
- Specify test time and additional fees
- Declaration fees are negotiable
- For unsyndicated equipment, check the cost of self-acquisition
- Annual cap fees
Contract terms:
- Include early-termination conditions
Miscellaneous:
- Understand the right of access: "first come, first served" or shared
- Check syndication levels, risk exposures and exclusion zones
- Touch the equipment: visit the recovery center
- Agree to a buy-out schedule
- Specify occupancy/communications fees
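The Project Life Cycle slide asks that BCP/DR tests prove the RTO/RPO is attainable, and the testing matrix slide tracks "Last Tested" and "Workable Solution" per business process. The following is an added example, not part of the presentation, of how a practitioner might turn DR test records into that management report: it measures achieved RTO (outage declared to service restored) and achieved RPO (age of the newest transaction present after recovery) against each target, and refuses to call a plan workable when the process was never tested or its last test is older than a configurable age. The applications, targets, timestamps and the one-year staleness limit are all constructed for the example.

```python
"""RTO/RPO attainment report over DR test records (added example; all data constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class RecoveryTarget:
    app: str
    rto: timedelta  # recovery time objective: longest tolerable outage
    rpo: timedelta  # recovery point objective: most data loss tolerable


@dataclass(frozen=True)
class DrTestResult:
    app: str
    declared: datetime              # disaster declared / outage start
    restored: datetime              # service usable again at the recovery site
    newest_recovered_txn: datetime  # newest transaction present after recovery


def evaluate(target: RecoveryTarget, result: DrTestResult) -> dict:
    """Compare one test against its target. Achieved RTO is outage-to-restore time;
    achieved RPO is how far behind the outage the recovered data was."""
    achieved_rto = result.restored - result.declared
    achieved_rpo = result.declared - result.newest_recovered_txn
    return {
        "achieved_rto": achieved_rto,
        "achieved_rpo": achieved_rpo,
        "rto_met": achieved_rto <= target.rto,
        "rpo_met": achieved_rpo <= target.rpo,
    }


def management_report(targets: Dict[str, RecoveryTarget], results: List[DrTestResult],
                      as_of: datetime, max_test_age: timedelta = timedelta(days=365)) -> Dict[str, dict]:
    """One row per target: a status plus the numbers behind it. A target with no test
    ("never tested") or whose latest test is older than max_test_age ("stale") is not a
    workable solution even if that old test passed."""
    latest: Dict[str, DrTestResult] = {}
    for r in results:  # keep only the most recent test per application
        if r.app not in latest or r.declared > latest[r.app].declared:
            latest[r.app] = r
    rows: Dict[str, dict] = {}
    for app, target in targets.items():
        row = {"status": "never tested", "last_tested": None,
               "target_rto": target.rto, "target_rpo": target.rpo}
        r = latest.get(app)
        if r is not None:
            row["last_tested"] = r.declared
            row.update(evaluate(target, r))
            if as_of - r.declared > max_test_age:
                row["status"] = "stale"
            else:
                missed = [name for name, ok in (("RTO", row["rto_met"]), ("RPO", row["rpo_met"])) if not ok]
                row["status"] = "workable" if not missed else " and ".join(missed) + " not met"
        rows[app] = row
    return rows


# Constructed sample: hypothetical business processes, targets and test records.
TARGETS: Dict[str, RecoveryTarget] = {t.app: t for t in (
    RecoveryTarget("Credit authorization", timedelta(minutes=15), timedelta(minutes=5)),
    RecoveryTarget("Order fulfillment", timedelta(hours=12), timedelta(hours=1)),
    RecoveryTarget("Accounts payable", timedelta(hours=48), timedelta(hours=24)),
    RecoveryTarget("Cash management", timedelta(hours=24), timedelta(hours=4)),  # never tested
)}
RESULTS: List[DrTestResult] = [
    DrTestResult("Credit authorization", datetime(2007, 9, 12, 9, 0),
                 datetime(2007, 9, 12, 9, 40), datetime(2007, 9, 12, 8, 58)),   # 40 min outage
    DrTestResult("Order fulfillment", datetime(2007, 6, 3, 22, 0),
                 datetime(2007, 6, 4, 4, 0), datetime(2007, 6, 3, 21, 30)),     # 6 h, 30 min loss
    DrTestResult("Accounts payable", datetime(2005, 11, 20, 8, 0),
                 datetime(2005, 11, 21, 20, 0), datetime(2005, 11, 19, 2, 0)),  # old test
]
AS_OF = datetime(2007, 10, 5)  # constructed reporting date


def run_sample() -> Dict[str, dict]:
    return management_report(TARGETS, RESULTS, AS_OF)


if __name__ == "__main__":
    for app, row in run_sample().items():
        print(f"{app:22s} status={row['status']:16s} last_tested={row['last_tested']}")
```

The staleness rule is the part most often missing from home-grown trackers: a plan that passed once and has since drifted (the "identify changes to the tested environment" step on the Post-Implement row) should fall out of the workable column on its own, not wait for someone to notice.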