AD Consulting

Knowledge, Performance, innovation, Improvement

Business Continuity Planning
Our Offering
Why Business Continuity?

REVENUE
Direct Loss
Deferred Losses
Compensatory Payments
Lost Future Revenue
Billing Losses
Investment Losses
FINANCIAL PERFORMANCE
Lost Market Share
Revenue Recognition
Cash Flow
Lost Discounts
Payment Guarantees
Stock Price
Credit Rating

OTHER EXPENSES
Temporary employees,
Equipment Rental,
Overtime,
Extra Shipping Costs,
Travel Expenses,
Etc.
REPUTATION
Customers
Suppliers
Financial Markets
Banks
Business Partners
Etc.
PRODUCTIVITY
Loss Of Productivity
Employees Impacted @ X
Burdened Hourly Rate
LEGAL/REGULATORY
Contractual Requirements
SLAs
Regulatory Requirements

The Cost of Downtime
BCP Phases
Project Management and Intonation
Conduct Business Impact Analysis
Develop Recovery Strategies
Plan, Design and Development
Testing, maintenance, awareness and training

BCP Is an on-going process, not a project with
a beginning and an end

Testing
Maintenance
Awareness
Training
5
Plan, Design and Development
4
1
Project Initiation:
Understand Your Business
3
Develop Strategies for
Supply & Technology Recovery
Data Recovery
2
Conduct Business Impact
Analysis to identify
Recovery Point (RPO)
Service Delivery (SDO)
Recover Time (RTO)
Maximum Tolerable Outage
(MTO)
BCP
BCP Phases
Developing and approval of BCP policy
Define BCP committee
operational units representatives
senior management
IT security
IT specialized experts, and optionally support units like
(technical affairs)
Define BCP project scope and objectives
Provide the necessary project funds and resourses
Project Initiation
Business Impact Analysis
Collect data through interviews, survey, documenting
business functions, transactions, activities
Develop hierarchy of business functions and apply a
classification scheme to indicate each individual
functions criticality level.
Identify the resources that these functions depend
upon
Calculate Maximum Tolerable Outage (MTO) for these
functions
Identify vulnerabilities and threats to these functions
Calculate risk for each different business function
Document findings and report them to management


Business Impact Analysis
Recovery Time Objective (RTO): Time duration organization
can wait between point of failure and service resumption
Service Delivery Objective (SDO): Level of service in Alternate
Mode
Maximum Tolerable Outage: Max time in Alternate Mode
Regular Service
Alternate Mode
Regular
Service
RTO
Maximum Tolerable Outage
SDO
Interruption
Time
Disaster
Recovery
Plan Implemented
Restoration
Plan Implemented
Business Impact Analysis

How far back can you fail to? How long can you operate without a system?
One weeks worth of data? Which services can last how long?
I
n
t
e
r
r
u
p
t
i
o
n

1 1 1
Hour Day Week
Recovery Point Objective Recovery Time Objective
I
n
t
e
r
r
u
p
t
i
o
n

1 1 1
Week Day Hour
Business Impact Analysis

Move to
Alternate
Site
Return
Home
Resume
Business
Data Synchronization
Restore Technology Capability
Restore Communications
Restore Business Functions
Notifications
Vital Records
Lost Data
Data Recovery Objective
Recovery Time Objective
(If necessary)
High Level Look at a Recovery Effort
Recovery strategies
Supply and technology recovery
Network and computer equipment
Voice and data communications resources
Human resources
Transportation of equipment and personnel
Environment issues (HVAC)
Data and personnel security issues
Supplies (paper, forms, cabling, and so on)
Documentation
Data recovery
Restoring Backed-up data

Recovery Strategies

Cost
Time
Service Downtime
Alternative Recovery Strategies
Optimum Cost
* Hot Site
* Warm Site
* Cold Site
Identifying the Optimum Strategy
Recovery strategies
Business process recovery
Facility recovery




Site Cost Hardware Equipment Telecommunications Setup Time Location
Cold Site Low None None Long Fixed
Warm Site Medium Partial Partial/Full Medium Fixed
Hot Site Medium/High Full Full Short Fixed
Mobile Site High Dependent Dependent Dependent Not Fixed
Mirrored Site High Full Full None Fixed
Plan Design and Development
All finding and decisions to be developed
and documented.
Submission of document for approval
Define execution procedure(s) for the
plan.

Testing, maintenance, awareness
and training
Validating that decisions are suitable and correct by
performing
Checklist Test
Structured Walk-Through Test
Simulation Test
Parallel Test
Full-Interruption Test
Maintaining the plan
Make business continuity a part of every business decision
Insert the maintenance responsibilities into job descriptions
Perform internal audits that include disaster recovery and
continuity
documentation and procedures to update the plan.
Integrate the BCP into the change management process
Training and awareness programs are an integral part of the
BCP process

BCP Is an on-going process, not a project with
a beginning and an end