CBCP业务连续性管理专家培训材料Area4.ppt

1,Subject Area,Business Continuity ManagementCourse for Advanced Professionals Introduction,2,Subject Area 4：Developing Business Continuity Strategies,3,Lesson Overview,Understand available strategiesIdentify viable strategies for organizational support services and for each functional areaConsolidate strategies across the organizationUnderstand RFPs and contractual agreements,4,Professional Practices for Business Continuity Professionals,Project Initiation and ManagementRisk Evaluation and ControlBusiness Impact AnalysisDeveloping Business Continuity StrategiesEmergency Response and Operations Developing and Implementing Business Continuity PlansAwareness and Training ProgramsMaintaining and Exercising Business Continuity PlansCrisis CommunicationsCoordination with External Agencies,5,Objectives,Determine and guide the selection of alternative business recovery operating strategies for recovery of business and information technologies within the recovery time objective,while maintaining the organizations critical functions.,6,The Professionals Role(1/2),Understand Available Alternatives and Their Advantages,Disadvantages,andCost Ranges,including mitigation as a recovery strategyIdentify Viable Recovery Strategies within Business Functional AreasConsolidate StrategiesIdentify Off-Site Requirements and Alternative Facilities,7,The Professionals Role(2/2),Develop Business Unit StrategiesObtain Commitment from Management for Developed Strategies,8,Terms&Definitions-Business Continuity Strategy,Continuity Strategy An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage.Plans and methodologies are determined by the organizations strategy.There may be more than one solution to fulfill an organizations strategy.Examples:Internal or external hot-site,or cold-site,Alternate Work Area reciprocal agreement,Mobile Recovery,Quick Ship/Drop Ship,Consortium-based solutions,etc.,9,Objective of Strategies,The importance of developing strategiesProtects viability of organizationHelps to plan for the continuity,recovery,and resumption of operationsReduces or mitigates exposures,confusion,and chaosPositions organization to respond to an emergencyEnsures employees understand their role(safety),10,Objective of strategies,Validates business recovery issues Timeframes for recovery and continuity Location(s)for continuity/recovery and resumption Communications needs during&after disaster Acquire the resources and supplies necessary to enact the strategies Ensuring the organization can meet its RTO,11,Terms,Continuity Strategy Strategies that improve the organizations capability to respond to events in order to continue operationsOff-site server that can be switched to immediately if on-site server is not available,Recovery Strategy Strategies that improve the organizations capability to return to stable operations following an event Off-site facility available to bring back up files to for restarting business operations,12,Strategy Development,Determine business requirements and priorities Business Impact Analysis Requirements gatheringIdentify potential alternative strategiesCompile cost,advantages and disadvantagesObjective assessment of the strategiesConduce cost/benefit analysisLeverage strategies across organization,13,Strategy Development,Identify shared service and functional area strategy requirementsDevelop preliminary strategy Identify and evaluate internal alternatives within the organization With other business unitsIdentify and evaluate external alternatives Existing capabilities and sources Develop new capabilities and sources,14,Strategy Development,Document and track the implementation of procedural and/or operational changes to accomplish the strategyConduct cost/benefit analysisTrack open risk issues,15,Strategy Development,Strategy considerations Resources and time to implement strategy Identify alternate locations Time constraints ate alternate location Validate with the owner Build consensus across business units Present to management,16,Shared Service Strategies,Strategies for recovering the organizationOrganizational resource providers,Facilities Finance Corporate Safety Audit Legal Public Relations,Human Resources Purchasing Administrative Services Mailroom ITCorporate Communications,17,Shared Service Strategies,Physical plant infrastructureShared organizational servicesTechnical infrastructureShould allow for the responsive recovery of critical functions and servicesShould meet organization-wide support requirements for recovery of mission critical services,18,Shared Service Strategies,Organizational-level strategiesShould be consolidated and standardized across the organizationPolicies and procedures understood by allCrisis communications proceduresEmergency response procedures,19,Share Service Strategies,Coordination of technology recovery and business continuityContinuation of mission critical business functionsRecovery of technologies to support critical and important business functionsResumption of critical and important business functions after systems recovery,20,Functional Area Strategies,Build consensusManage gaps,Functional Area Need,4-8 hours,72 hours,Shared Service Strategy,GAP!,21,Identify Functional Area Strategic Requirements,Identify business unit/functional area continuity/recovery tasksIdentify business unit recovery time objectives Prioritize objectives Determine business unit interdependenciesIdentify business unit subject matter experts Select team leaders by recovery function,22,Identify Functional Area Strategic Requirements,Review continuity/recovery issues for each support area Personnel Customers Vendors Regulatory agencies Vital records Facilities reconstruction Risk management and insurance,23,Identify Functional Area Strategic Requirements,Review technology issues for each support areaMain-frame Mid-range Local area networks Distributed databases Network accessibility Processing capabilitiesReview non-technology issues for each support area Compare internal and external solutions,Operating systemsDatabasesProcessing capability,24,Strategy Options,Do nothingDefer action to time of disaster Commence recovery and resumption plans after disaster strikesManual procedures Business functions completed without automation,25,Strategy Options,Internal strategiesService degradationReciprocal/Cooperative agreementsCommercial recovery services Business recovery centers Outsourcing Service bureau Quick ship/Hardware vendors Facility recovery,26,Consolidate Strategies,Critical business functions Priorities Interdependencies(from BIA)Preparations and prior plans Designate,staff,and provide access to essential equipment resources for work area recovery sitesMay choose to restore to a portion of original capacity,27,Assess Strategy Requirements,Category 1High CriticalityExtremely Time SensitiveVital RecordsITVoice&DataImmediate Strategy Development!,Category 2ImportantSome Time FlexibilityManufacturingSafety Product StocksSecondary Strategy DevelopmentCategory 3May be deferrableHuman ResourcesCorporate Training,28,Assess Strategies,Conduct cost/benefit analysisTrack open risk issuesBuild consensus across business unitsSteering Committee reviews alternatives,29,Assess Strategies,Analyze business needs criteria Continuity of mission critical functionsContinuity of functions driven by external factorsMaintain strategic and competitive advantages Maintain profitability and viability to survive Maintain customer loyalty and industry imageAny other issues and concerns that have been identified,30,Assess Strategies,Define continuity/recovery planning objectivesCritical business functions,priorities,and interdependenciesTime to restore continuity of mission critical business functionsTime to recover information and communications systemsTime to restore functional capability to resume business,31,Assess Strategies,Develop consistent methods for evaluation Assess reliability of strategies Cost effectiveness of strategies Compare internal and external solutions Assess risk for each recovery strategy,32,Assess Strategies,33,Assess Commercial Recovery Strategies,Summary of the 5 different sites,34,Cost/Benefit Analysis,0 2 4 6 8 24 48 72,Speed of Recovery in Hours,35,Cost/Benefit Analysis,36,Cost/Benefit Analysis,Minutes,6 to 8Hours,24 Hours,48 Hours,Weeks,Months,Efforts&Cost,Zero Date Loss Requirement,Remote CPU&/DB Mirroring,Shadow Data Base,Remote DASD Mirroring,Hot Site/Remote Tape/Channel Extension,Hot Site/Electronic Remote Journaling,Hot Site/Operating System Store/Edit,Hot Site/Electronic Vaulting,Hot Site,Cold Site,Repair Site,37,Cost/Benefit Analysis,Time,Time to recover,Outage Duration,Recovery Cost Balancing,Costs,Max Tolerable Loss,Recovery Budget,Backup/Restore,Cost to Recover,Cost of Disruption,High Availability,Cost/TimeWindow,38,Request for ProposalYou will get what you ask for!The RFP is the gauge for establishing a relationship with a recovery vendor.The contract of this relationship is specified by the vendors ability to assess and service corporate requirements,39,Request for Proposal,Clarify assumptions and review existing documentationDevelop questionnaire/interview guide Select vendors Who are the industry forerunners?Do they support the systems you need to recover?,40,Request for Proposal,Document distributionSite toursRFP review Check responses against your requests Bottom line is not the only line Ensure that vendor promises are documented Check referencesAward contract Self-assessment,41,Vendor Contracts,Techniques for comparing vendors Definition of services Terminology Fee Structure Explanation of fees References,42,Vendor Contracts,Preliminary assessmentOnsite presentationsEmployee involvementAcquisition of services Negotiate services&fees Reach agreements before making commitments Get all agreements in writing before singing contracts,43,Contract Negotiation,Negotiating terms and conditions Early termination Testing Exclusivity Technology Liabilities Usage prioritization Declaration determination&mitigation Multiple declarations by other customers,44,Summary,Importance of strategy developmentOrganizational core service strategies support the entire organizationFunctional strategies support each functional areaManagement must approve strategies A solid RFP process is essential to choosing the best vendor for your organization,45,Sample Questions,