Business Impact Analysis Services

Document Sample
Business Impact Analysis Services Powered By Docstoc
					SunGard Availability Services
          Business Impact Analysis (BIA)
         Connecticut Community Colleges
                          July 14, 2005

 Page 1 Date: 18-Nov-10
                         Welcome and Introductions

     Connecticut Community Colleges (CCC)
             Kenneth Elterich – Project Manager

     SunGard Availability Services (SAS)
             Michael Shandrowski – Project Manager
             Bradford Blair – Consultant
             Don Bowker – Consultant




Page 2 Date: 18-Nov-10
                              Session Agenda

         SunGard Availability Services
         Types of Disasters
         Business Continuity 101
         Recovery Strategies
         Business Impact Analysis (BIA)
              BIA Overview
              BIA Project Objectives
              BIA Engagement Process
              Roles & Responsibilities
              BIA Project Scope
              BIA Questionnaire
          Next Steps
          Questions and Discussions



Page 3 Date: 18-Nov-10
                         SunGard Availability Services

      Global presence with over $1.4 billion in annual revenue
      Over 3,000,000 square feet of facility space
      Over 50 mobile facilities staged in strategic locations
      Over 1,200 Disaster Recoveries; Over 100,000 Tests
      250 Consultants; 2,500+ Disaster Recovery employees
      Written 10,000+ plans; Over 7,500 software installations
      23 years of Leadership and Vision combined with the most
      comprehensive set of services available anywhere




Page 4 Date: 18-Nov-10
SunGard Recovery Facilities (North America)
          SunGard Centers – North America




   Page 5 Date: 18-Nov-10
                         What is a Disaster?

  An event that disables some or all of an organization’s
   critical business functions for an unacceptable period of
      time.
  An unacceptable period of time is unique to each
   organization / department / technology




Page 6 Date: 18-Nov-10
                         Types of Disasters

  Natural Disasters
         Hurricanes, Ice Storms, Floods, etc.

  Man-made Disasters (non-intent)
         Electrical Fires, Overhead Pipe Burst, Industrial Accident, etc.

  Technology Disasters
         Systems, Infrastructure, Network, Telecommunications, etc.

  Man-made / Political Disasters (intent)
         Terrorism, Product Tampering, Workplace Violence, etc.




Page 7 Date: 18-Nov-10
Technology Disaster




     Page 8 Date: 18-Nov-10
Technology Disaster




     Page 9 Date: 18-Nov-10
                                  Disaster Declarations
      SunGard Disaster Declarations By Event Type
                            (# of Customers’ Declared)
                                         Evacuation, Building   Earthquake
                                          Damage, Gas or          2%/19              Bomb
                                          Watermain Leak,                       Threat/Explosion
                                               Halon                                2%/21
                          Terrorism            1%/7                                                   Fire
                          14%/176                                                                    3%/42


                                                                                                         Flood
                                                                                                         6%/78
       Hurricanes/Weather
             16%/198




                 Software                                                                          Hardware Failure
                  2%/27                                                                                33%/428

                                                                Other(Network
                                      Power Outage                 Outage)
                                        15%/195                     6%/71




•Recovery-Reason for Declarations: Percentage/Number


Page 10 Date: 18-Nov-10
                           Hartford Area Events

  SOLVENT FUMES PROMPT DAY-CARE EVACUATION
       Published on June 25, 2005, Children and adults were evacuated from a local day-care center
       Friday afternoon after solvent fumes were drawn into the building through its air-
       conditioning system
  UTILITY WORK TRIGGERS OUTAGE
       Published on May 5, 2005, A failure in a main power line that feeds electricity into downtown
       Hartford caused a major blackout Wednesday for thousands of people in some of the city's
       largest and most crucial buildings, including Hartford Hospital.
  FURNACE MAY HAVE CAUSED BLAST
       Published on March 13, 2005, The day after a natural gas explosion leveled a historic house
       that was being renovated, investigators on Saturday were focusing on the furnace as the
       possible spark to the explosion.
  CHEMICAL SPILL FORCES PLANT'S EVACUATION
       Published on March 4, 2005, A chemical spill Thursday morning sent seven people
       to the hospital and forced the temporary shutdown of a factory in the southern
       end of the city.
  CONNECTICUT EVACUATION: FALSE ALARM
       Published on February 2, 2005, With a few errant keystrokes Tuesday, a state official
       generated the familiar tones of the emergency broadcast system and what may be
       the most startling message to ever crawl across the bottom of television screens in
       Connecticut:




Page 11 Date: 18-Nov-10
                          Disaster Response

      Regardless of disaster type; there must be an appropriate
       response that meets the recovery objectives based upon
       the business impact
      Business Impact -> Appropriate Response
      Appropriate Response -> Recovery Strategy Selection




Page 12 Date: 18-Nov-10
                          Types of Recovery Strategies
  Internal or External Strategy
            Redundant / High-Availability
            Mobile Recovery
            Hot-site / Systems Recovery
            Hot-site / End-user Recovery
            Quick-ship Contracts
            Purchase At-Time-of-Disaster




Page 13 Date: 18-Nov-10
                 Business Continuity - Evolution


                                                                                           Information
                                Business                                                   Availability
                      Business  Continuity

            Disaster Resumption Planning
            Recovery  Planning
                                                                                             Keeping
Contingency Planning             Business & IT
                                                                                             Information
                                                                                             available to
 Planning                        Recovery, +
                                                                                             the business
                                                   IT & Business Units   Business            in a more
                                                    Formalized Plans     Impact Analysis     diverse
                                 Limited to IS     Software Planning     & Risk              environment.
                                 Formal Plans                            Assessment
 Data Processing                                      Tools (Word
                                                                         (prevention).
                               Software Planning        Processor &
 Informal Plans                                        Relational DB)
                                  Tools (WP)


    1960‘s
    LEVEL
    1960’s                        1970‘s               1980‘s             1990‘s              2000‘s
    0
                                 Reactive
                                 Reactive                                          Proactive
     Page 14 Date: 18-Nov-10
                          What is Business Continuity?

 The ability of an organization to ensure continuity of
  service for its customers, and to maintain its viability
  before, after, and during an event.
 Business Continuity Planning involves:
           Assessment of the current environment & requirements
           Development of business recovery requirements
           Determination of the business impacts
           Mitigation of business risks / exposures
           Strategy development and selection
           Plan development
           Plan exercise (testing)
           Continuous improvement




Page 15 Date: 18-Nov-10
  Business Continuity Program Methodology

                                             SunGard Best Practices
    Evaluate                                 Architect                        Implement                       Activate                              Sustain

     Technology                              Strategy                         Recovery Plan                   Initiation                            Assess /
     Profile                                 Analysis                         Development                                                           Advise




                                                                                                                           Solution Certification




                                                                                                                                                                    Solution Evolution
                          Solution Roadmap




                                                         Solution Blueprint
     Bus. Impact                             Recovery                         Implement                       Testing &                             Enhancement




                                                                                          Solution Delivery
     Analysis                                Solution                         Strategy                        Validation
                                             Design
     Requirements                                                                                                                                   Certification
     Analysis




Page 16 Date: 18-Nov-10
                          Business Continuity Terms

Recovery Time Objective (RTO)
 The period of time within which technical services and / or
  business functions must be recovered and available after an
  outage (e.g. one business day); measured form the time of disaster
  to the resumption of production operations.


Recovery Point Objective (RPO)
 The acceptable level of data loss exposure following an unplanned
  event. This is the point in time (prior to the disaster) to which lost
  data can be restored; typically the last backup taken offsite.




Page 17 Date: 18-Nov-10
                          Business Continuity Terms

 Lost Transactions
  Transactions previously entered into a system that cannot be
   recovered from the last available backup media.

 Backlogged Transactions
  Transactions that accumulate beginning from the moment a
   system becomes unavailable to the time when the system is once
   again available.




Page 18 Date: 18-Nov-10
        Business Continuity Recovery Process
                  Sample Timeline
                        Stage 1       Stage 2     Stage 3     Stage 4     Stage 5     Stage 6    Stage 7

 Recovery Point                            Restore Technology
   Objective
     (RPO)                                                               Synchronization

                                      Op. Sys. Applications    Data

Last Offsite
  Backup                                Restore Communications




  Business             Immediate                                           Resume     Interim   Return
  as Usual             Response                                            Business     Site    Home
                      & Relocation      Restore Business Functions




                                      Workarea Functional Backlog &
                                     Restoration Restoration Lost Data
                                     Recovery Time Objective (RTO)
        Page 19 Date: 18-Nov-10
                                   BIA Overview

  What is a Business Impact Analysis ?
          Management decision-making tool:
            • Foundation for establishing recovery priorities
            • Foundation for mitigation of existing exposures
            • Foundation for recovery-strategy selection
            • Foundation for recovery-plan development


  What information is contained in the BIA?
            Who are the most critical (time sensitive) business departments?
            What are the critical resources required by each business department?
            When do the critical business departments need to be available?
            Where can operations continue if a unplanned outage were to occur?
            Why do we need to recover the critical departments and resources?


  What information is not contained in the BIA?
          The How - detailed procedures to restore operations following a disaster?




Page 20 Date: 18-Nov-10
                          BIA Project Objectives

      Conduct a Business Impact Analysis (BIA)
         Quantify impacts of an interruption to the Business
         Identify Recovery Objectives
         Document recovery requirements
      Asses Current Technology Practices
           Identify current data protection practices
           Identify data backup infrastructure, practices, policies
           Identify data recovery capability
           Identify data center risks and exposures
      Present Findings to CCC
           Highlight gaps in existing recovery capabilities and the business
            unit requirements
           Identify recovery options




Page 21 Date: 18-Nov-10
                          BIA Project Process-flow

        Project                Data         Data      BIA Report     Executive
       Initiation            Gathering     Analysis   Deliverable   Presentation
                            & Validation




    Project Kickoff & Awareness Session
    Questionnaire & Interview Data Collection Process
    Technical Review of Current Capabilities & Practices
    Findings and Analysis (Business Objectives, Technically
     Achievable, Gaps, Requirements, etc.)
    Information gathered will be used for Developing
     Recovery Options Within Final Report
    Executive Summary Presented to Senior Management


Page 22 Date: 18-Nov-10
     Participant Roles & Responsibilities

     General
         Represent your business unit and serve as subject matter expert
          throughout the project
         Identify additional personnel who can provide valuable input
     Business Impact Analysis
            Identify necessary information to answer BIA Questionnaire
            Attend BIA Interview Session to Review Questionnaire
            Validate accuracy of data submitted, when requested
            Participate in validation of draft BIA report section prepared by
             SunGard for your business unit




Page 23 Date: 18-Nov-10
                          BIA Participants

 Business Units / Departments
           Academic (Continuing Education, Instruction, Teaching)
           Student Records (Records Office & Admissions)
           Financial Aid
           Finance / Budget (Accounting, Payroll, etc.)
           Human Resources
           Legal
           Library
           Institutional Research
 Information Technology
         Network
         Applications
         IT Directors


  Are any critical departments not accounted for?


Page 24 Date: 18-Nov-10
                          BIA Questionnaire
     Distribute BIA Questionnaire to all identified participants
     Review BIA Questionnaire in more detail
     Determine if you need to complete the BIA Questionnaire
      individually; or if you can team up and submit a single
      questionnaire representing multiple locations
             Perform similar business functions at different colleges
             Use the same technical infrastructure
             Will suffer the same impacts
     Notify Ken if you are submitting individually or with others
     Complete as much information within BIA Questionnaire
      as possible prior to the due date




Page 25 Date: 18-Nov-10
                          BIA Workshop
     Scheduled for 3-hour sessions (September 19-23)
             9:00 – 12:00 PM or 1:00 – 4:00 PM
     Single Workshop per business unit / department
     Represent your department / area at BIA Workshop
     Review and validate collected information
     Gain group consensus on information, prioritization &
      impacts




Page 26 Date: 18-Nov-10
        BIA Interview Point-of-Discussion
     Business Functions Identification
     Maximum Allowable Downtime
     Maximum Data Loss
     Internal and External Dependencies
     Financial & Operational Impacts
     Recovery Preparedness
     Vital Records
     Critical Applications Prioritization
     Minimum Recovery Requirements




Page 27 Date: 18-Nov-10
                          Next Steps

  Project Kickoff & Awareness Session: July 14
  Distribute BIA Questionnaire to Participants: July 19
  Complete & Return BIA Questionnaire: July 20 - August 5
  Preliminary Data Review & Follow-up: August 9 – Sept.10
  Conduct BIA Interviews: September 19-23
  Validate Collected Information: September 28-30
  Perform Data Analysis & Develop Draft Report: October 4-15
  Review & Validate Preliminary BIA Report: October 18-22
  Deliver Executive Presentation & Final Report: October 25-29




Page 28 Date: 18-Nov-10
                     Questions and Discussion




Page 29 Date: 18-Nov-10
                          SunGard Contact Information
      Brad Blair
              Tel: 203-750-8117
              E-Mail: bradford.blair@Sungard.com
      Don Bowker
              Tel: 201-722-2064
              Cell: 908-672-5385
              E-Mail: Donald.bowker@Sungard.com
      Michael Shandrowski
              Tel: 203-750-8118
              E-Mail: michael.shandrowski@Sungard.com




Page 30 Date: 18-Nov-10

				
DOCUMENT INFO
Description: Business Impact Analysis Services document sample