Two Day Workshop on Business Continuity Planning & Disaster Recovery
Why you should attend:
Disaster can strike any business, anywhere, at any time. Be it a risk of natural disasters, threat of terrorist attacks, loss of power, theft, hardware failure or security breaches, your business is reliant on its IT infrastructure and you need to ensure that you can recover your systems in the event of any disaster, quickly and with minimal disruption. Yet less than 30% of organizations have comprehensive disaster recovery plans.
40% of the companies that experience disaster go out of business, say experts. At best,those without appropriate business continuity plans lose market share and profits, not to mention the intangible yet tremendous damage to the image of the organization. According to a study by AMR Research, the costs of downtime, planned or unplanned, per hour can be as high as $600,000.
"'For many real-time enterprises, a 4 to 24 hour site outage would cause irreparable damage to the enterprise,'" said Donna Scott, Vice-President and Research Director for Gartner. "Because the risks are greater with real-time enterprises, the business continuity plan must address new scenarios, and BC processes must integrate with a greater number of enterprise processes."
How sure are you that your organization, workforce and data can bounce back whatever the threats?
The Bottom Line:
Surviving a disaster cannot be left to chance; business continuity planning must become embedded in strategic and operational plans for the business functions, human resources, facilities and technology.
Following this workshop you will:
- Understand how to develop a Business Continuity plan
- Learn proven techniques to assess and reduce risk and impact
- Create a Business Impact Analysis
- Understand why many plans fail
- Gain the latest techniques to make Disaster Recovery planning easier
- Discover how to organize for survival
- Create scenarios simulating attacks on computers and evolve appropriate response strategies
Workshop Contents
- Introduction to Business Continuity (BC) and Disaster Recovery (DR)
- What constitutes business discontinuity?
- What is a disaster?
- BCP and DRP - differentiated and defined
- Features of a Business Continuity and Disaster Recovery program
- Contingency planning
- Developing the DR Plan
- Phases of Disaster
- Combination of multiple disaster phases
- Impact of disaster - technology and business
- Types of DR Plans
- DR Plan development processes and *good* practices
- Strategy driven plan development
- Stages of development of DR Plan and organizational requirement
- Assessing Risks in Enterprises
- Understanding Risks, Threats, Vulnerabilities and Countermeasures
- Risk Assessment Methodologies - choosing what is relevant
- Risk Assessment Process
- Risk Management and risk appetite of organizations
- Residual risks and IT Governance issues
- Fine-tuning risk assessment process
- Prioritizing systems and functions for recovery
- Business Impact Analysis [BIA]
- Business Process Identification for BIA
- Assessing and quantifying impact of disruptions to business processes
- Computing and justifying MTD /RTO and RPO figures maximum tolerable downtime
- Prioritizing based on RTO / RPO data and obtaining consensus on prioritized list
- BIA Reporting and getting Executive Management approval
- Developing the BC and DR Plan and integrating organizational relationships
- Structure and Content of the BC and DR Plan
- Writing the BC and DR Plan
- Determining the teams to be formed
- Composition of teams
- Tasks to be assigned to each team and the CSF for major task groups
- BC and DR Plan Draft - understanding and review
- Strategies for responding to attacks on computers
- Delineating computer systems from other business process?
- Strategies to contain damage from attacks on computers
- Cost effective recovery strategies vis-à-vis information stored and in transit
- The human factor in responding to attacks on organization IPF
- Strategy implementation
- Developing procedures for special circumstances and contingencies
- Identifying special circumstances
- Cataloguing contingency situations and consequences
- Concept of ‘minimum response’
- Evaluating alternative contingency plans
- Implementing BC and DR plans
- Plan review process
- Implementation time frame and organizational requirement
- Interface with other activities while implementing the DR plan
- Control over access to BC and DR Plan content
- Control over distribution of the plan
- Version Control and library routines as applicable to BC and DR Plan
- Testing and Rehearsal
- Untested BCP / DRP is no Plan at all!
- Creating right degree of awareness of DR Plan content and action required as
- Testing methods and objectives
- Testing Process
- Follow up on test results
- Documenting and updating test objectives and results
- Continued Assessment of needs, threats and solutions
- The BC and DR Plan is a live document!
- Change control process - the 5 stage cycle
- Rapid response to changed threats, vulnerabilities and organizational structure
- Living through disaster
- Creating a command center
- Understanding disaster or ‘incident’ control
- Objectives and roles of command center staff
- Roles, rights and obligations of command center personnel
- Emergency Procedures - creation, testing, validation and updating
- Damage Assessment and salvage process
- Moving to disaster recovery location - process, logistics, internal controls
- Communication - internal & external during a disaster
(MTD) /recovery time objectives (RTO) Recovery Point Objective (RPO)
Hands-on: Participants will be divided into groups to prepare a BIA approach and
conduct the BIA
Hands-on 1: Participants form into groups and identify typical team composition and
task list for chosen teams
Hands-on 2: Participants draft a TOC for a typical BC and DR Plan and chose two topics
to write out full contents
Hands-on: Participants will create scenarios simulating attacks on computers and evolve
appropriate response strategies
needed