Business Impact Analysis Services

Document Sample
Business Impact Analysis Services Powered By Docstoc
					SunGard Availability Services
          Business Impact Analysis (BIA)
         Connecticut Community Colleges
                          July 14, 2005

 Page 1 Date: 18-Nov-10
                         Welcome and Introductions

     Connecticut Community Colleges (CCC)
             Kenneth Elterich – Project Manager

     SunGard Availability Services (SAS)
             Michael Shandrowski – Project Manager
             Bradford Blair – Consultant
             Don Bowker – Consultant

Page 2 Date: 18-Nov-10
                              Session Agenda

         SunGard Availability Services
         Types of Disasters
         Business Continuity 101
         Recovery Strategies
         Business Impact Analysis (BIA)
              BIA Overview
              BIA Project Objectives
              BIA Engagement Process
              Roles & Responsibilities
              BIA Project Scope
              BIA Questionnaire
          Next Steps
          Questions and Discussions

Page 3 Date: 18-Nov-10
                         SunGard Availability Services

      Global presence with over $1.4 billion in annual revenue
      Over 3,000,000 square feet of facility space
      Over 50 mobile facilities staged in strategic locations
      Over 1,200 Disaster Recoveries; Over 100,000 Tests
      250 Consultants; 2,500+ Disaster Recovery employees
      Written 10,000+ plans; Over 7,500 software installations
      23 years of Leadership and Vision combined with the most
      comprehensive set of services available anywhere

Page 4 Date: 18-Nov-10
SunGard Recovery Facilities (North America)
          SunGard Centers – North America

   Page 5 Date: 18-Nov-10
                         What is a Disaster?

  An event that disables some or all of an organization’s
   critical business functions for an unacceptable period of
  An unacceptable period of time is unique to each
   organization / department / technology

Page 6 Date: 18-Nov-10
                         Types of Disasters

  Natural Disasters
         Hurricanes, Ice Storms, Floods, etc.

  Man-made Disasters (non-intent)
         Electrical Fires, Overhead Pipe Burst, Industrial Accident, etc.

  Technology Disasters
         Systems, Infrastructure, Network, Telecommunications, etc.

  Man-made / Political Disasters (intent)
         Terrorism, Product Tampering, Workplace Violence, etc.

Page 7 Date: 18-Nov-10
Technology Disaster

     Page 8 Date: 18-Nov-10
Technology Disaster

     Page 9 Date: 18-Nov-10
                                  Disaster Declarations
      SunGard Disaster Declarations By Event Type
                            (# of Customers’ Declared)
                                         Evacuation, Building   Earthquake
                                          Damage, Gas or          2%/19              Bomb
                                          Watermain Leak,                       Threat/Explosion
                                               Halon                                2%/21
                          Terrorism            1%/7                                                   Fire
                          14%/176                                                                    3%/42


                 Software                                                                          Hardware Failure
                  2%/27                                                                                33%/428

                                      Power Outage                 Outage)
                                        15%/195                     6%/71

•Recovery-Reason for Declarations: Percentage/Number

Page 10 Date: 18-Nov-10
                           Hartford Area Events

       Published on June 25, 2005, Children and adults were evacuated from a local day-care center
       Friday afternoon after solvent fumes were drawn into the building through its air-
       conditioning system
       Published on May 5, 2005, A failure in a main power line that feeds electricity into downtown
       Hartford caused a major blackout Wednesday for thousands of people in some of the city's
       largest and most crucial buildings, including Hartford Hospital.
       Published on March 13, 2005, The day after a natural gas explosion leveled a historic house
       that was being renovated, investigators on Saturday were focusing on the furnace as the
       possible spark to the explosion.
       Published on March 4, 2005, A chemical spill Thursday morning sent seven people
       to the hospital and forced the temporary shutdown of a factory in the southern
       end of the city.
       Published on February 2, 2005, With a few errant keystrokes Tuesday, a state official
       generated the familiar tones of the emergency broadcast system and what may be
       the most startling message to ever crawl across the bottom of television screens in

Page 11 Date: 18-Nov-10
                          Disaster Response

      Regardless of disaster type; there must be an appropriate
       response that meets the recovery objectives based upon
       the business impact
      Business Impact -> Appropriate Response
      Appropriate Response -> Recovery Strategy Selection

Page 12 Date: 18-Nov-10
                          Types of Recovery Strategies
  Internal or External Strategy
            Redundant / High-Availability
            Mobile Recovery
            Hot-site / Systems Recovery
            Hot-site / End-user Recovery
            Quick-ship Contracts
            Purchase At-Time-of-Disaster

Page 13 Date: 18-Nov-10
                 Business Continuity - Evolution

                                Business                                                   Availability
                      Business  Continuity

            Disaster Resumption Planning
            Recovery  Planning
Contingency Planning             Business & IT
                                                                                             available to
 Planning                        Recovery, +
                                                                                             the business
                                                   IT & Business Units   Business            in a more
                                                    Formalized Plans     Impact Analysis     diverse
                                 Limited to IS     Software Planning     & Risk              environment.
                                 Formal Plans                            Assessment
 Data Processing                                      Tools (Word
                               Software Planning        Processor &
 Informal Plans                                        Relational DB)
                                  Tools (WP)

    1960’s                        1970‘s               1980‘s             1990‘s              2000‘s
                                 Reactive                                          Proactive
     Page 14 Date: 18-Nov-10
                          What is Business Continuity?

 The ability of an organization to ensure continuity of
  service for its customers, and to maintain its viability
  before, after, and during an event.
 Business Continuity Planning involves:
           Assessment of the current environment & requirements
           Development of business recovery requirements
           Determination of the business impacts
           Mitigation of business risks / exposures
           Strategy development and selection
           Plan development
           Plan exercise (testing)
           Continuous improvement

Page 15 Date: 18-Nov-10
  Business Continuity Program Methodology

                                             SunGard Best Practices
    Evaluate                                 Architect                        Implement                       Activate                              Sustain

     Technology                              Strategy                         Recovery Plan                   Initiation                            Assess /
     Profile                                 Analysis                         Development                                                           Advise

                                                                                                                           Solution Certification

                                                                                                                                                                    Solution Evolution
                          Solution Roadmap

                                                         Solution Blueprint
     Bus. Impact                             Recovery                         Implement                       Testing &                             Enhancement

                                                                                          Solution Delivery
     Analysis                                Solution                         Strategy                        Validation
     Requirements                                                                                                                                   Certification

Page 16 Date: 18-Nov-10
                          Business Continuity Terms

Recovery Time Objective (RTO)
 The period of time within which technical services and / or
  business functions must be recovered and available after an
  outage (e.g. one business day); measured form the time of disaster
  to the resumption of production operations.

Recovery Point Objective (RPO)
 The acceptable level of data loss exposure following an unplanned
  event. This is the point in time (prior to the disaster) to which lost
  data can be restored; typically the last backup taken offsite.

Page 17 Date: 18-Nov-10
                          Business Continuity Terms

 Lost Transactions
  Transactions previously entered into a system that cannot be
   recovered from the last available backup media.

 Backlogged Transactions
  Transactions that accumulate beginning from the moment a
   system becomes unavailable to the time when the system is once
   again available.

Page 18 Date: 18-Nov-10
        Business Continuity Recovery Process
                  Sample Timeline
                        Stage 1       Stage 2     Stage 3     Stage 4     Stage 5     Stage 6    Stage 7

 Recovery Point                            Restore Technology
     (RPO)                                                               Synchronization

                                      Op. Sys. Applications    Data

Last Offsite
  Backup                                Restore Communications

  Business             Immediate                                           Resume     Interim   Return
  as Usual             Response                                            Business     Site    Home
                      & Relocation      Restore Business Functions

                                      Workarea Functional Backlog &
                                     Restoration Restoration Lost Data
                                     Recovery Time Objective (RTO)
        Page 19 Date: 18-Nov-10
                                   BIA Overview

  What is a Business Impact Analysis ?
          Management decision-making tool:
            • Foundation for establishing recovery priorities
            • Foundation for mitigation of existing exposures
            • Foundation for recovery-strategy selection
            • Foundation for recovery-plan development

  What information is contained in the BIA?
            Who are the most critical (time sensitive) business departments?
            What are the critical resources required by each business department?
            When do the critical business departments need to be available?
            Where can operations continue if a unplanned outage were to occur?
            Why do we need to recover the critical departments and resources?

  What information is not contained in the BIA?
          The How - detailed procedures to restore operations following a disaster?

Page 20 Date: 18-Nov-10
                          BIA Project Objectives

      Conduct a Business Impact Analysis (BIA)
         Quantify impacts of an interruption to the Business
         Identify Recovery Objectives
         Document recovery requirements
      Asses Current Technology Practices
           Identify current data protection practices
           Identify data backup infrastructure, practices, policies
           Identify data recovery capability
           Identify data center risks and exposures
      Present Findings to CCC
           Highlight gaps in existing recovery capabilities and the business
            unit requirements
           Identify recovery options

Page 21 Date: 18-Nov-10
                          BIA Project Process-flow

        Project                Data         Data      BIA Report     Executive
       Initiation            Gathering     Analysis   Deliverable   Presentation
                            & Validation

    Project Kickoff & Awareness Session
    Questionnaire & Interview Data Collection Process
    Technical Review of Current Capabilities & Practices
    Findings and Analysis (Business Objectives, Technically
     Achievable, Gaps, Requirements, etc.)
    Information gathered will be used for Developing
     Recovery Options Within Final Report
    Executive Summary Presented to Senior Management

Page 22 Date: 18-Nov-10
     Participant Roles & Responsibilities

     General
         Represent your business unit and serve as subject matter expert
          throughout the project
         Identify additional personnel who can provide valuable input
     Business Impact Analysis
            Identify necessary information to answer BIA Questionnaire
            Attend BIA Interview Session to Review Questionnaire
            Validate accuracy of data submitted, when requested
            Participate in validation of draft BIA report section prepared by
             SunGard for your business unit

Page 23 Date: 18-Nov-10
                          BIA Participants

 Business Units / Departments
           Academic (Continuing Education, Instruction, Teaching)
           Student Records (Records Office & Admissions)
           Financial Aid
           Finance / Budget (Accounting, Payroll, etc.)
           Human Resources
           Legal
           Library
           Institutional Research
 Information Technology
         Network
         Applications
         IT Directors

  Are any critical departments not accounted for?

Page 24 Date: 18-Nov-10
                          BIA Questionnaire
     Distribute BIA Questionnaire to all identified participants
     Review BIA Questionnaire in more detail
     Determine if you need to complete the BIA Questionnaire
      individually; or if you can team up and submit a single
      questionnaire representing multiple locations
             Perform similar business functions at different colleges
             Use the same technical infrastructure
             Will suffer the same impacts
     Notify Ken if you are submitting individually or with others
     Complete as much information within BIA Questionnaire
      as possible prior to the due date

Page 25 Date: 18-Nov-10
                          BIA Workshop
     Scheduled for 3-hour sessions (September 19-23)
             9:00 – 12:00 PM or 1:00 – 4:00 PM
     Single Workshop per business unit / department
     Represent your department / area at BIA Workshop
     Review and validate collected information
     Gain group consensus on information, prioritization &

Page 26 Date: 18-Nov-10
        BIA Interview Point-of-Discussion
     Business Functions Identification
     Maximum Allowable Downtime
     Maximum Data Loss
     Internal and External Dependencies
     Financial & Operational Impacts
     Recovery Preparedness
     Vital Records
     Critical Applications Prioritization
     Minimum Recovery Requirements

Page 27 Date: 18-Nov-10
                          Next Steps

  Project Kickoff & Awareness Session: July 14
  Distribute BIA Questionnaire to Participants: July 19
  Complete & Return BIA Questionnaire: July 20 - August 5
  Preliminary Data Review & Follow-up: August 9 – Sept.10
  Conduct BIA Interviews: September 19-23
  Validate Collected Information: September 28-30
  Perform Data Analysis & Develop Draft Report: October 4-15
  Review & Validate Preliminary BIA Report: October 18-22
  Deliver Executive Presentation & Final Report: October 25-29

Page 28 Date: 18-Nov-10
                     Questions and Discussion

Page 29 Date: 18-Nov-10
                          SunGard Contact Information
      Brad Blair
              Tel: 203-750-8117
              E-Mail:
      Don Bowker
              Tel: 201-722-2064
              Cell: 908-672-5385
              E-Mail:
      Michael Shandrowski
              Tel: 203-750-8118
              E-Mail:

Page 30 Date: 18-Nov-10

Description: Business Impact Analysis Services document sample