Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

DRJ Blogs

DRJ Community Blogs
Tags >> Awareness
Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity , BRP , BIA , BCP , BCM Professionals , Awareness , Advice From A Risk Detective

Alex Belyarchik
  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Feb 20
2014

Ski boots and celery

Posted by Andy Osborne in Business Continuity Plans , Business Continuity Planning , Awareness

Andy Osborne

By Andy Osborne, Acumen.  
Originally posted on Oz's Business Continuity Blog.

I love skiing. It’s right up there on my list of top ten favourite things (I’ll keep the other nine and their relative positions to myself for now, on the grounds that divulging them may incriminate me).