Professional Documents
Culture Documents
Planning
J e n n i fe r B ra n d t , C I SA
December 2015
HISTORY OF STINNETT & ASSOCIATES MANAGING RISK. IMPROVING PERFORMANCE.
Stinnett & Associates LLC (Stinnett) is a professional advisory firm offering services designed to help clients more
effectively manage risk and improve performance by streamlining processes, reducing costs and enhancing IT
controls.
Stinnett is a certified Womens Business Enterprise through the Womens Business Enterprise
National Council. Stinnett provides services to a broad range of clients including several
Fortune 1000 companies and many mid-size to large organizations with operations around the
world.
2
MANAGING RISK. IMPROVING PERFORMANCE.
PLANNING (BCP)
During a recent survey by Forrester Research and the Disaster Recovery Journal, a base of 100
decision-makers who have conducted a risk assessment were asked:
5
THE GROWING IMPORTANCE OF A BCP MANAGING RISK. IMPROVING PERFORMANCE.
6
THE GROWING IMPORTANCE OF A BCP (CONTINUED) MANAGING RISK. IMPROVING PERFORMANCE.
A base of 89 BC decision-makers that have invoked a BCP in the last 5 years were asked:
7
BUSINESS CONTINUITY VS. DISASTER RECOVERY MANAGING RISK. IMPROVING PERFORMANCE.
8
BENEFITS TO PLANNING MANAGING RISK. IMPROVING PERFORMANCE.
Besides the obvious benefits during an actual disaster event, BCPs provide additional
value:
Clear understanding of the most critical processes in the organization.
Increased confidence in the company by:
Customers
Business Partners
Employees
Investors
The Board
Compliance with Laws and Regulations (HIPAA, FERC, Finance, etc.)
Positive impact on insurance and risk management
Competitive advantage
Preparation for the inevitable before it occurs will allow businesses to handle it
with the least impact when it occurs
Serve your customers when your competitors cant
9
BENEFITS TO PLANNING (CONTINUED) MANAGING RISK. IMPROVING PERFORMANCE.
10
MANAGING RISK. IMPROVING PERFORMANCE.
BUSINESS CONTINUITY
PLANNING PROCESS
1
1
BUSINESS CONTINUITY PLANNING PROCESS MANAGING RISK. IMPROVING PERFORMANCE.
Results
Clear, tested and reliable instructions and procedures for most significant disaster
events.
Improved assurance to customers, employees, and the investment community.
Reduced exposure to significant and prolonged business outages.
Reduce cost and confusion during a disaster.
Improved internal and external communication channels and processes.
12
PHASE 1: BUSINESS IMPACT ASSESSMENT MANAGING RISK. IMPROVING PERFORMANCE.
1
3
BUSINESS IMPACT ASSESSMENT: THE FIRST STEP MANAGING RISK. IMPROVING PERFORMANCE.
The Business Impact Assessment (BIA) is used to determine the critical business
processes and related resources within all business units of the organization.
The BIA establishes a foundation for developing well-reasoned and prioritized
responses to disaster and ensures Business Continuity Plans are focused on
reestablishing the most critical business processes in the most cost-effective
manner to minimize loss and disruption.
The goal of the BIA is to define objectives for the recovery of host computing
systems that run the applications supporting the critical business processes;
specifically, the number of hours or days in which business systems must be
recovered after an outage.
The output of the BIA is a prioritized list of critical business processes that
becomes the focus of subsequent business mitigation and recovery processes.
14
HOW TO PERFORM THE BIA MANAGING RISK. IMPROVING PERFORMANCE.
3. Interview the key process owners per the BIA interview guide (example: Payroll)
Priority of processes
Acceptable data loss: drives backup strategies and determines the amount of lost data or
work that may need to be re-created, re-entered, and/or re-performed after the systems
have been recovered. (also known as Recovery Point Objective)
15
BIA MAINTENANCE MANAGING RISK. IMPROVING PERFORMANCE.
The Forrester Research and Disaster Recovery Journal survey asked a base of 133 decision-
makers who have conducted a BIA:
16
MANAGING RISK. IMPROVING PERFORMANCE.
P HASE 2:
I N F O R M AT I O N T E C H N O L O G Y
A S S E S S M E N T / G A P A N A LY S I S
AND D EVELOPMENT OF THE D R
P LAN
17
THE IT GAP ANALYSIS MANAGING RISK. IMPROVING PERFORMANCE.
The IT Gap Analysis compares the organizations current system recovery abilities
and procedures to the system recovery needs of the business.
The goal of the IT Gap Analysis is to determine whether ITs current system recovery
abilities meet the business needs.
The output of an IT Gap Analysis is a list of the critical systems, the current system
recovery time, and the desired system recovery time (according to the business).
Where there is a gap, the companys technical team should design and implement a
resiliency strategy which effectively balances managements needs with the potential
impact cost. If such a solution is cost-prohibitive, management must formally accept
the risks associated with the longer recovery times and ensure that the backup /
restoration solution developed is maintained in an optimal state.
18
HOW TO PERFORM THE IT GAP ANALYSIS MANAGING RISK. IMPROVING PERFORMANCE.
Estimate the recovery time for systems and applications that support the critical
the Recovery Time Objectives and Recovery Point Objectives of the critical
business processes
Determine any gaps between the business RTOs and RPOs and ITs current
recovery capabilities
19
THE DISASTER RECOVERY PLAN MANAGING RISK. IMPROVING PERFORMANCE.
20
DISASTER RECOVERY PLANNING WHATS LEFT? MANAGING RISK. IMPROVING PERFORMANCE.
How do we access the systems once they are up and running at the recovery
center?
22
CONSIDERATIONS FOR A SUCCESSFUL BUSINESS
MANAGING RISK. IMPROVING PERFORMANCE.
CONTINUITY PLAN
updated?
23
CONSIDERATIONS FOR A SUCCESSFUL BUSINESS
MANAGING RISK. IMPROVING PERFORMANCE.
The Forrester Research and Disaster Recovery Journal survey asked a base of 154 decision-
makers that have executive-level support, Which executive is the primary sponsor?:
24
CONSIDERATIONS FOR A SUCCESSFUL BUSINESS
MANAGING RISK. IMPROVING PERFORMANCE.
Dont bite off too much. Most plan efforts fail because the scope is
Clearly identify the targets and stay focused throughout the project.
25
CONSIDERATIONS FOR A SUCCESSFUL BUSINESS
MANAGING RISK. IMPROVING PERFORMANCE.
The Forrester Research and Disaster Recovery Journal survey asked a base of 118 decision-
makers that have scenario-based BCPs:
26
BUSINESS CONTINUITY PLANNING
MANAGING RISK. IMPROVING PERFORMANCE.
SUCCESS FACTORS
Dedication of resources:
Team members
Management stakeholders
Executive sponsor
FACTORS (CONTINUED)
The Forrester Research and Disaster Recovery Journal survey asked a base of 89 decision-makers
who have invoked a BCP in the last 5 years, What have been lessons learned from your
invocations? Rank the top 3.
28
PHASE 4: PLAN MAINTENANCE AND TESTING MANAGING RISK. IMPROVING PERFORMANCE.
29
BUSINESS CONTINUITY ONGOING MAINTENANCE MANAGING RISK. IMPROVING PERFORMANCE.
30
PLAN TESTING MANAGING RISK. IMPROVING PERFORMANCE.
31
PLAN TESTING MANAGING RISK. IMPROVING PERFORMANCE.
32
BUSINESS CONTINUITY PLANNING TESTING MANAGING RISK. IMPROVING PERFORMANCE.
The Forrester Research and Disaster Recovery Journal survey asked a base of 168 decision-
makers with documented BCPs:
33
PHASE 5: CONTINUOUS MONITORING MANAGING RISK. IMPROVING PERFORMANCE.
34
BUSINESS CONTINUITY PLAN CHANGE MANAGEMENT MANAGING RISK. IMPROVING PERFORMANCE.
Monitor
Business
Needs and
Technology
Changes
Redistribute
Plans Reassess
Retrain Needs
Employees
Update
Test Plans
Plans
35
MANAGING RISK. IMPROVING PERFORMANCE.
AUDITING T HE B USINESS
CONTINUITY PLAN
36
AUDITING THE BUSINESS CONTINUITY PLAN MANAGING RISK. IMPROVING PERFORMANCE.
37
AUDITING THE BUSINESS CONTINUITY PLAN MANAGING RISK. IMPROVING PERFORMANCE.
38
MANAGING RISK. IMPROVING PERFORMANCE.
R ESOURCES
39
BUSINESS CONTINUITY RESOURCES MANAGING RISK. IMPROVING PERFORMANCE.
40
CONTACT INFORMATION MANAGING RISK. IMPROVING PERFORMANCE.
Questions?
Jennifer.Brandt@stinnett-associates.com
Office (918) 728-3300
www.STINNETT-ASSOCIATES.com
41