Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

DRJ Blogs

DRJ Community Blogs
Tags >> Business Continuity
Aug 08
2014

Establishing the Business Case for the Business Impact Analysis

Posted by Courtney Bowers in Business Impact Analysis , Business Continuity , Avalution Blogs

Courtney Bowers

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Nearly all business continuity professionals understand the importance of the business impact analysis (BIA) as the primary means for laying the foundation of a business continuity program. However, many professionals struggle to receive executive buy-in, as well as the necessary resources and support for the process. This article dispels common myths in attempt to help remove barriers to obtaining support and contributes to the creation of the business case for performing the BIA in any organization.

Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity , BRP , BIA , BCP , BCM Professionals , Awareness , Advice From A Risk Detective

Alex Belyarchik
  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Jun 10
2014

The Relationship Between the Business Impact Analysis and Risk Assessment

Posted by Courtney Bowers in Business Impact Analysis , Business Continuity , Avalution Blogs

Courtney Bowers

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes. This confusion often results in outcomes that fail to drive preparedness.

May 08
2014

Why Plan? A Closer Look at Business Continuity

Posted by Courtney Bowers in Disaster Recovery , Business Continuity Planning , Business Continuity , Avalution Blogs

Courtney Bowers

By Ross Ladley, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Business continuity is an often talked about risk management practice, especially with what appears to be an ever increasing number of serious disasters, including Superstorm Sandy, the California wildfires, and the Japanese Tsunami – and that’s only natural disasters! Disruptive incidents can stem from major events such as these, but they can also originate from events that are far less visible and widespread, including sprinkler malfunctions, power outages, supply shortages, and an IT disruption.

Mar 13
2014

Using the Results of Your BIA to Develop Disaster Recovery Requirements

Posted by Courtney Bowers in DR , Disaster Recovery , Business Continuity , BIA , Avalution Blogs

Courtney Bowers

By Michael Bratton, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

So you’ve just completed your business impact analysis (BIA) – identifying recovery time objectives for a variety of processes and functions throughout your organization and captured the names of applications and systems that business owners state they just can’t live without. In addition, the IT department heard you were conducting a BIA and mentioned on a few different occasions that they were excited to see what the final results would be to help with their planning. You’ve taken all the applications and their reported recovery time and recovery point objectives and crammed them into a very lengthy spreadsheet, and then the inevitable happens… you realize that everything you have collected is a huge mess.

Jan 08
2014

Using ISO 27031 to Guide IT Disaster Recovery Alignment with ISO 22301

Posted by Courtney Bowers in ISO 22301 , Disaster Recovery , Business Continuity , Avalution Blogs

Courtney Bowers

By Greg Marbais, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 provides guidance to business continuity and IT disaster recovery professionals on how to plan for IT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the requirements for Information and Communication Technology (ICT) and implement strategies to reduce the risk of disruption, as well as recognize, respond to and recover from a disruption to ICT.

Dec 24
2013

Rudolph the red-faced business continuity manager (a Christmas tale – sort of!)

Posted by Andy Osborne in Disaster Recovery , Business Continuity Plans , Business Continuity Management , Business Continuity

Andy Osborne

By Andy Osborne, Consultancy Director at Acumen

Once upon a time there was a senior manager called Rudolph who, on top of his other responsibilities, was put in charge of the business continuity project. Rudolph was a busy chap with a lot on his plate – he didn’t have time for detail. And anyway, disasters never happen do they? Well, only to other people. 

Dec 18
2013

Multi-Site Disaster Response and Coordination Best Practices

Posted by Courtney Bowers in Disaster Response , Disaster Recovery , Business Continuity , Avalution Blogs

Courtney Bowers

By Stacy Gardner, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Most organizations that have experienced a crisis would likely agree that advance planning is critical to enabling an effective response. When a disaster impacts several sites simultaneously, it makes coordination even more chaotic, so the importance of a defined structure increases. Organizations with multiple facilities or sites, especially those within “at-risk” regions, should take proactive steps to prepare their organization for events that require a widespread and coordinated response. Specifically, these preparedness steps include enabling coordination, communication, and adherence to organizational policies in advance of a disaster to ensure all sites implement appropriate response procedures. This article summarizes best practices that help enable sites to work together and execute common, approved response strategies to minimize impact and reduce confusion.

Nov 13
2013

Delving into the depths

Posted by Andy Osborne in Business Continuity Plans , Business Continuity Planning , Business Continuity Management , Business Continuity

Andy Osborne

By Andy Osborne, Acumen.    
Originally posted on Oz's Business Continuity Blog

Following the recent departure of number one son to Manchester (see “University challenge”), on Sunday afternoon I decided to address a small issue that's been troubling me for a while. For several years, in fact. When I say troubling, I mean causing my blood to simmer gently on a pretty much permanent basis, and to boil over about once a week, often punctuated by the phrase "...and tidy your @*~%#& bedroom!"

Nov 11
2013

Business Continuity Scoping: Why Products and Services?

Posted by Courtney Bowers in Business Continuity , Avalution Blogs

Courtney Bowers

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

A Business Continuity Scoping Approach That Contributes to Better Management Engagement and Prioritization of Risk Management Efforts