Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

DRJ Blogs

DRJ Community Blogs
Tags >> BCP
Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity , BRP , BIA , BCP , BCM Professionals , Awareness , Advice From A Risk Detective

Alex Belyarchik
  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Apr 16
2014

Disaster Recovery and Change Management

Posted by Alex Belyarchik in Business Continuity Management , BIA , BCP , BCM , BC/DR conference

Alex Belyarchik

Change Management is often times the most overlooked aspect when it comes to Disaster Recovery. Not only does it not get enough attention, but we often times forget that building a recovery footprint is just as important as maintaining it. 

Has your server been operational in sync with the production environment? Have all the new production changes been replicated over to the DR? How can you be assured that your applications are still functioning? 

Oct 11
2013

12 Things NOT to Include in Your BCM / DR Plan

Posted by Alex Fullick in dr planning , DR Plan , Documentation , BCP , BCM

Alex Fullick

When disaster – or a crises – strikes, organizations must be able to refer to a plan to help guide them through the tasks they need to consider executing to respond, restore and recover, systems and operations. All to often when a BCM / DR plan is pulled off the shelf or printed from a file, one ends up with a document that is huge in nature and breadth though rather slim and small in usable content.

This is because many organization put everything they can think of into their BCM/DR plans, which more times that naught, overshadows the actual content needed to be followed; the stuff that provides the detail on what to do. A BCM / DR plan should be action oriented not full of irrelevant information; irrelevant at the time of disaster, not irrelevant to the overall program.

Feb 05
2013

SUPER BOWL AND YOUR BUSINESS

Posted by Skip Williams in Paying for Preparedness , KingsBridge , Emeregency Management , DRP , DR , Disaster Recovery Planning , Disaster Recovery , Business Continuity Program , Business Continuity Planning , Business Continuity Development , Business Continuity , BCP

Skip Williams

How does watching football on Sunday translate into to-do’s for Monday?  More than 100 million people watched the Super Bowl on Feb 3rd, they were expecting a great game and some good entertainment.  What they got was almost a disaster for CBS.  In the recovery planning business, we are always trying to minimize the likelihood of an incident becoming a disaster.  CBS did an excellent job of this on Sunday.

When the power went out in half of the Superdome and the game was stopped unexpectedly, CBS did a good job of keeping people entertained for the 34-minute delay.  While they likely didn’t plan for the lights going out in half of the building, they did have a contingency plan for the power going out and as a result were able to keep most fans watching the commercials and the announcers.  The numbers aren’t available yet, but they might have sold more commercials because of the extra prime-time viewership the “abnormality” created.