The Importance of Business Continuity and Disaster Recovery Planning
By Aqel M. Aqel
Information Systems Audit & Control Association (ISACA), Rolling Meadows, Illinois, USA (www.isaca.org)
CISA, Coordinator / Research Director, Riyadh Chapter
Dec 2014
Why BCP & DRP
• Successful businesses expect the unexpected and plan for it.
• Disruptions to your business can result in:
  • Data risk,
  • Revenue loss,
  • Failure to deliver services.
• That's why organizations need strong business continuity planning.
Source: John Sharp (2012), 'The Route Map to Business Continuity Management: Meeting the Requirements of ISO 22301'
A Good Plan Increases Your Chances of Recovery
Concepts and Terminology
• Business continuity describes the processes and procedures an organization must put in place to ensure that mission-critical functions can continue during and after a disaster.
• Disaster recovery refers to the specific steps taken to resume operations in the aftermath of a catastrophic disaster (natural or national emergency).
Reasons behind Disasters
• Environmental Disasters
  • Tornado & Hurricane
  • Power Grid Failure
  • Flood
  • Snowstorm
  • Earthquake
  • Electrical storms
  • Fire
  • Sink Holes
  • Landslides
• Man Made Disruptions
  • Terrorist Attack
  • Sabotage
  • War / Theft
  • Arson
  • Labor Disputes
• Equipment or System Failure
  • Internal power failure
  • Air conditioning failure
  • Cooling plant failure
  • Equipment failure
• IT Failures and Security Breaches
  • Cyber crime
  • Loss of records or data
  • Disclosure of sensitive information
  • IT system failure
More Concepts and Terminology
Recovery Point Objective (RPO) measures the ability to recover files by specifying a point-in-time restore of the backup copy.
Recovery Time Objective (RTO) measures the time that it takes for a system to be completely up and running in the event of a disaster.
Source: Network Servers 2011
More Concepts and Terminology
• Recovery Point Objective (RPO) measures the ability to recover files by specifying a point-in-time restore of the backup copy, i.e.:
  • The amount of data lost from a failure, measured as the amount of time between the last protected copy and the disaster event.
  • It is determined by the amount of time between data protection events and reflects the amount of data that could potentially be lost during a disaster recovery.
  • The metric is an indication of the amount of data at risk of being lost.
• Recovery Time Objective (RTO) measures the time that it takes for a system to be completely up and running in the event of a disaster, i.e.:
  • The targeted amount of time to restart a business service after a disaster event.
  • It is related to downtime: the metric refers to the amount of time it takes to recover from a data loss event and how long it takes to return to service.
  • RTO therefore refers to the amount of time the system's data is unavailable or inaccessible, preventing normal service.
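The two metrics above are easiest to see against a concrete backup schedule and incident timeline. The following Python script is an added illustration (not part of the original slides); the service name, backup times, outage times and the RPO/RTO targets are constructed sample values. It picks the point-in-time recovery point that a restore would use, derives the achieved data-loss window (RPO) and downtime (RTO) for one incident, and checks both against the objectives; `worst_case_rpo` shows why the RPO is bounded by the interval between data protection events.

```python
"""RPO / RTO worked example (added illustration; all sample data is constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Objectives:
    """Targets agreed with the business: maximum tolerable data loss (RPO) and downtime (RTO)."""
    rpo: timedelta
    rto: timedelta


@dataclass
class Incident:
    """One disruption of a service, as it would appear in the incident log (constructed)."""
    service: str
    failed_at: datetime        # moment the service / its data became unavailable
    restored_at: datetime      # moment normal service resumed
    backups: List[datetime]    # completion times of recovery points assumed to be intact


def latest_recovery_point(backups: List[datetime], failed_at: datetime) -> Optional[datetime]:
    """The newest backup completed before the failure: the point in time we can restore to."""
    usable = [b for b in backups if b <= failed_at]
    return max(usable) if usable else None


def achieved_rpo(incident: Incident) -> Optional[timedelta]:
    """Actual data-loss window: time from the last good recovery point to the failure."""
    point = latest_recovery_point(incident.backups, incident.failed_at)
    return None if point is None else incident.failed_at - point


def achieved_rto(incident: Incident) -> timedelta:
    """Actual downtime: time from the failure until normal service returned."""
    return incident.restored_at - incident.failed_at


def worst_case_rpo(backup_interval: timedelta) -> timedelta:
    """With a protection event every `backup_interval`, up to that much data is at risk."""
    return backup_interval


def evaluate(incident: Incident, objectives: Objectives) -> dict:
    """Compare what was achieved in this incident against the RPO/RTO objectives."""
    loss = achieved_rpo(incident)
    downtime = achieved_rto(incident)
    return {
        "service": incident.service,
        "data_loss": loss,                      # None means no usable recovery point existed
        "downtime": downtime,
        "rpo_met": loss is not None and loss <= objectives.rpo,
        "rto_met": downtime <= objectives.rto,
    }


# Constructed sample: nightly backups at 02:00 on 1-3 Dec 2014, outage on 3 Dec.
NIGHTLY = [datetime(2014, 12, day, 2, 0) for day in range(1, 4)]

SAMPLE_INCIDENT = Incident(
    service="order-db",                          # hypothetical service name
    failed_at=datetime(2014, 12, 3, 14, 30),
    restored_at=datetime(2014, 12, 3, 20, 0),
    backups=NIGHTLY,
)
SAMPLE_OBJECTIVES = Objectives(rpo=timedelta(hours=24), rto=timedelta(hours=4))


def sample_report() -> dict:
    """Evaluate the constructed incident: 12h30m of data lost (within the 24h RPO),
    5h30m of downtime (misses the 4h RTO)."""
    return evaluate(SAMPLE_INCIDENT, SAMPLE_OBJECTIVES)


if __name__ == "__main__":
    r = sample_report()
    print(f"{r['service']}: lost {r['data_loss']} of data (RPO met: {r['rpo_met']}), "
          f"down for {r['downtime']} (RTO met: {r['rto_met']})")
    print("worst-case data loss with hourly backups:", worst_case_rpo(timedelta(hours=1)))
```

In the constructed scenario the nightly schedule keeps the incident inside a 24-hour RPO, but a 4-hour RTO is missed by the 5h30m restore, which is the kind of finding a DR exercise should surface before a real event does. Tightening the backup interval lowers the worst-case RPO; the RTO is only improved by faster restore procedures, and a plan that never measures either cannot show it meets its objectives.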
RPO and RTO (figure)
Source: http://wikibon.org/w/images/0/04/RPO_RTO_Horison.jpg
Facts
• The US Chamber of Commerce reported that:
  • the economic losses in 2011, as a result of natural disasters, reached $380 million.
• The Federal Emergency Management Agency (www.fema.gov) reports:
  • 40-60% of businesses that close due to a disaster never reopen!
(source: https://telovations.wordpress.com/tag/revenue-lost-due-to-natural-disaster/)
Facts
Source: FreeFormDynamics 2011
• Only 23% of respondents said: yes, there is a formal DR plan in place.
Facts
• Numbers speak!
Facts 
Source: http://www.e-janco.com/DRP_BCP_Audit.html
Facts
Source: http://powerwindows.wordpress.com/2010/10/25/windows-geoclusters-stretch-clusters-and-recoverpointce-failover/
• The cost of downtime does not grow linearly with its duration!
Facts
• Which parts of the IT infrastructure are covered by BC/DR plans?
Source: Howard Marks (2008) http://www.informationweek.com/practical-disaster-recovery-for-midsize-companies/d/d-id/1075012?
Facts
Source: Howard Marks (2008) http://www.informationweek.com/practical-disaster-recovery-for-midsize-companies/d/d-id/1075012?
• What are the barriers to adoption of a business continuity plan?
  • Cost and complexity are
  • Lack of skills is a reason as well.
Facts
Source: http://www.crn.com/slide-shows/storage/240006796/8-surprising-disaster-recovery-stats.htm/pgno/0/7
• 86% of companies experienced one or more instances of system downtime in the previous 12 months.
• Downtime lasted 2.2 days on average and cost each business an average of $366,363 a year.
• 33% of businesses admitted they do not back up virtual servers as often as they do their physical servers.
Actionable model (diagram)
Elements shown: Leadership; Policies; Procedures; Tools; Roles and Responsibilities; Methodologies / Best Practices; Training; Validation; Audit Programs; Reports; Awareness; Support; Motivation; Sponsoring & follow up; Monitoring; Execution.
Source: Aqel M. Aqel, IT Security in your firm, what is it, & how to achieve it. (2011).
ISO 22301
In 2012, the BCI, in partnership with BSI, launched ISO 22301, the new global standard for business continuity management.
ISO 22301
• Provides a comprehensive set of controls based on BCM best practice.
• Covers the whole BCM lifecycle.
• Defines the strategic and tactical capability of an organization to plan for and respond to incidents.
• It is generic and offers organizations guidance on putting their BCM systems in place.
ISO 22301:2012 key clauses
• Clause 1: Scope
• Clause 2: Normative References
• Clause 3: Terms and Conditions
• Clause 4: Context of the organization
• Clause 5: Leadership
• Clause 6: Planning
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation
• Clause 10: Improvement
ISO 22301, Clause 4: Context of the organization
ISO 22301, Clause 5: Leadership
• Top management needs to demonstrate an ongoing commitment to the BCMS by:
  • Integrating the BCMS requirements into the organization's business processes
  • Providing the necessary resources for the BCMS
  • Communicating the importance of effective business continuity management
  • Ensuring that the BCMS achieves its expected outcomes
  • Directing and supporting continual improvement
  • Establishing and communicating a business continuity policy
  • Ensuring that BCMS objectives and plans are established
  • Ensuring that the responsibilities and authorities for relevant roles are assigned
ISO 22301, Clause 6: Planning
• Establishing strategic objectives and guiding principles for the BCMS.
• The business continuity objectives must:
  • be consistent with the business continuity policy;
  • take into account the minimum level of products and services that is acceptable to the organization to achieve its objectives;
  • be measurable;
  • take into account applicable requirements;
  • be monitored and updated as appropriate.
ISO 22301, Clause 7: Support
• Using the appropriate resources for each task.
• Competent staff with relevant (and demonstrable)
• Training and supporting services
• Awareness and communication.
• Both internal and external communications of the organization must be considered in this area.
• The requirements on the creation, update and control of documented information are also specified in this clause.
ISO 22301, Clause 8: Operation
• Business Impact Analysis (BIA)
• Risk assessment
• Business continuity strategy
• Business continuity procedures
• Exercising and testing
ISO 22301, Clause 9: Performance evaluation
• ISO 22301 requires permanent monitoring of the system as well as periodic reviews to improve its operation:
  • monitoring the extent to which the organization's business continuity policy, objectives and targets are met;
  • measuring the performance of the processes, procedures and functions that protect its prioritized activities;
  • monitoring compliance with this standard and the business continuity objectives;
  • monitoring historical evidence of deficient BCMS performance;
  • conducting internal audits at planned intervals; and
  • evaluating all this in the management review at planned intervals.
ISO 22301, Clause 10: Improvement
• Continual improvement:
  • all the actions taken throughout the organization to increase the effectiveness (reaching objectives) and efficiency (an optimal cost/benefit ratio) of security processes and controls, bringing increased benefits to the organization and its stakeholders.
More information
• The American Institute of Certified Public Accountants (AICPA)
• Information Systems Audit and Control Association (ISACA)
• Association of Information Technology Professionals (AITP)
• Institute of Internal Auditors (IIA)
• International Association for Computer Information Systems (IACIS)
• Information Systems Security Association (ISSA)
• International Disaster Recovery Association (IDRA)
• Business Recovery Managers Association (BRMA)
• British Standards Institute (BSI)
• http://www.slideshare.net/AhmedRiad2/ss-38345026
Thank you
Empowering Resilience & Strategic Growth: Insights for Emerging LeadersEmpowering Resilience & Strategic Growth: Insights for Emerging Leaders
Empowering Resilience & Strategic Growth: Insights for Emerging LeadersMahmoud Rabie
 
Growing a Thriving and Engaged Remote Team
Growing a Thriving and Engaged Remote TeamGrowing a Thriving and Engaged Remote Team
Growing a Thriving and Engaged Remote TeamJulie Cameron
 
Applying the PDCA Cycle: A Blueprint for Continuous Improvement
Applying the PDCA Cycle: A Blueprint for Continuous ImprovementApplying the PDCA Cycle: A Blueprint for Continuous Improvement
Applying the PDCA Cycle: A Blueprint for Continuous ImprovementCIToolkit
 
A3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingA3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingCIToolkit
 
Organizations in a Future with Generative AI
Organizations in a Future with Generative AIOrganizations in a Future with Generative AI
Organizations in a Future with Generative AIKye Andersson
 
Forget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsForget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsStephan Koning
 
How the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioHow the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioChristopher Totten
 
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...AgileNetwork
 

Recently uploaded (20)

Making Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity DiagramsMaking Sense of Multiple Ideas with Affinity Diagrams
Making Sense of Multiple Ideas with Affinity Diagrams
 
Analyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value MappingAnalyzing and Monitoring Processes through Time Value Mapping
Analyzing and Monitoring Processes through Time Value Mapping
 
Performance Management Notes for MBA Students
Performance Management Notes for MBA StudentsPerformance Management Notes for MBA Students
Performance Management Notes for MBA Students
 
From Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EMFrom Command Line to Reporting Line: The Diary of a First-Time EM
From Command Line to Reporting Line: The Diary of a First-Time EM
 
What is 5S principles of trainers for training institutions.pdf
What is 5S principles of trainers for training institutions.pdfWhat is 5S principles of trainers for training institutions.pdf
What is 5S principles of trainers for training institutions.pdf
 
Tackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna RothmanTackling Fake Agility w/ Johanna Rothman
Tackling Fake Agility w/ Johanna Rothman
 
Roadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint PresentationRoadway to GDSC- Session 1 Powerpoint Presentation
Roadway to GDSC- Session 1 Powerpoint Presentation
 
An Important Step Toward Process Improvement
An Important Step Toward Process ImprovementAn Important Step Toward Process Improvement
An Important Step Toward Process Improvement
 
Value Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process OptimizationValue Stream Map: A Visual Approach to Process Optimization
Value Stream Map: A Visual Approach to Process Optimization
 
The Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and EffectThe Role of Fishbone Diagram in Analyzing Cause and Effect
The Role of Fishbone Diagram in Analyzing Cause and Effect
 
Unlocking Insights and Driving Solutions Using the 5 Whys Approach
Unlocking Insights and Driving Solutions Using the 5 Whys ApproachUnlocking Insights and Driving Solutions Using the 5 Whys Approach
Unlocking Insights and Driving Solutions Using the 5 Whys Approach
 
Empowering Resilience & Strategic Growth: Insights for Emerging Leaders
Empowering Resilience & Strategic Growth: Insights for Emerging LeadersEmpowering Resilience & Strategic Growth: Insights for Emerging Leaders
Empowering Resilience & Strategic Growth: Insights for Emerging Leaders
 
Growing a Thriving and Engaged Remote Team
Growing a Thriving and Engaged Remote TeamGrowing a Thriving and Engaged Remote Team
Growing a Thriving and Engaged Remote Team
 
Applying the PDCA Cycle: A Blueprint for Continuous Improvement
Applying the PDCA Cycle: A Blueprint for Continuous ImprovementApplying the PDCA Cycle: A Blueprint for Continuous Improvement
Applying the PDCA Cycle: A Blueprint for Continuous Improvement
 
A3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem SolvingA3 Thinking: A Structured Approach to Problem Solving
A3 Thinking: A Structured Approach to Problem Solving
 
Organizations in a Future with Generative AI
Organizations in a Future with Generative AIOrganizations in a Future with Generative AI
Organizations in a Future with Generative AI
 
Forget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outsForget Fiverr : Fractional Employment the ins and outs
Forget Fiverr : Fractional Employment the ins and outs
 
Capacity2 - Briefing and Facilitation training slides
Capacity2 - Briefing and Facilitation training slidesCapacity2 - Briefing and Facilitation training slides
Capacity2 - Briefing and Facilitation training slides
 
How the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the StudioHow the Heck do you Teach Level Design? Educating in the Studio
How the Heck do you Teach Level Design? Educating in the Studio
 
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...
ANIn Coimbatore March 2024 | Agile & AI in Project Management by Dhilipkumar ...
 

Bcp drp

More Concepts and Terminology 
•Recovery Point Objective (RPO) measures the ability to recover files by specifying a point-in-time restore of the backup copy, i.e.: 
•The amount of data lost from a failure, measured as the amount of time between the last usable backup and the disaster event. 
•It is determined by the interval between data protection events and reflects the amount of data that could be lost during a disaster recovery. 
•The metric indicates how much data is at risk of being lost. 
•Recovery Time Objective (RTO) measures the time it takes for a system to be completely up and running again after a disaster, i.e.: 
•The targeted amount of time to restart a business service after a disaster event. 
•It is related to downtime: the time it takes to recover from a data loss event and to return to service. 
•RTO is therefore the amount of time the system's data is unavailable or inaccessible, preventing normal service.
RTO and RPO (figure) 
Source: http://wikibon.org/w/images/0/04/RPO_RTO_Horison.jpg
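The two metrics above are only useful if they are checked against what the backup jobs and the recovery actually delivered. The following Python script is an added example, not part of the original presentation: given a constructed backup log, an incident time and a service-restored time, it computes the achieved RPO and RTO and compares them with the planned targets. The log entries, the incident times and the 4-hour RPO / 8-hour RTO targets are assumed values chosen for illustration. It also computes the worst-case RPO over the log, which is what a silently failed backup job does to the RPO the organization can actually promise.

```python
from datetime import datetime, timedelta

# Assumed BIA targets for a hypothetical order-processing service
# (illustrative figures, not taken from the slides).
PLAN_RPO = timedelta(hours=4)
PLAN_RTO = timedelta(hours=8)

# Constructed backup log: completion times of backup jobs ("data protection events").
# A job with ok=False failed and therefore does not provide a restore point.
BACKUP_LOG = [
    {"completed": datetime(2014, 12, 1, 0, 5), "ok": True},
    {"completed": datetime(2014, 12, 1, 6, 4), "ok": True},
    {"completed": datetime(2014, 12, 1, 12, 7), "ok": False},  # failed job
    {"completed": datetime(2014, 12, 1, 18, 3), "ok": True},
]

INCIDENT = datetime(2014, 12, 1, 20, 30)        # constructed disaster event
SERVICE_RESTORED = datetime(2014, 12, 2, 3, 0)  # constructed return to normal service


def last_good_restore_point(log, incident):
    """Most recent successfully completed backup at or before the incident.
    Returns None when no usable restore point exists."""
    good = [e["completed"] for e in log if e["ok"] and e["completed"] <= incident]
    return max(good) if good else None


def achieved_rpo(log, incident):
    """Actual data-loss window: time from the last good restore point to the incident."""
    point = last_good_restore_point(log, incident)
    if point is None:
        return None
    return incident - point


def achieved_rto(incident, restored):
    """Actual downtime: time from the incident until the service is back in operation."""
    return restored - incident


def worst_case_rpo(log, up_to):
    """Largest gap between consecutive successful backups up to a point in time.
    A failed job widens this gap without anyone noticing until a restore is needed."""
    good = sorted(e["completed"] for e in log if e["ok"] and e["completed"] <= up_to)
    gaps = [later - earlier for earlier, later in zip(good, good[1:])]
    return max(gaps) if gaps else None


def evaluate(log, incident, restored, plan_rpo, plan_rto):
    """Compare achieved RPO/RTO with the planned objectives."""
    rpo = achieved_rpo(log, incident)
    rto = achieved_rto(incident, restored)
    return {
        "achieved_rpo": rpo,
        "rpo_met": rpo is not None and rpo <= plan_rpo,
        "achieved_rto": rto,
        "rto_met": rto <= plan_rto,
        "worst_case_rpo": worst_case_rpo(log, incident),
    }


if __name__ == "__main__":
    result = evaluate(BACKUP_LOG, INCIDENT, SERVICE_RESTORED, PLAN_RPO, PLAN_RTO)
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the constructed data the incident happens to land 2 h 27 min after a good backup, so the 4-hour RPO is met and the 6 h 30 min outage is inside the 8-hour RTO. The worst-case RPO over the same log is 11 h 59 min, because the failed 12:07 job left a gap between the 06:04 and 18:03 backups; had the disaster struck at 18:00, three times the planned RPO would have been lost. Monitoring the gap between successful backups, not just whether jobs were scheduled, is what makes the RPO a real commitment.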
Facts 
•The US Chamber of Commerce reported that the economic losses in 2011 as a result of natural disasters reached $380 billion. 
•The Federal Emergency Management Agency (www.fema.gov) reports that 40-60% of businesses that close due to a disaster never reopen. 
Source: https://telovations.wordpress.com/tag/revenue-lost-due-to-natural-disaster/
Facts 
•Only 23% of respondents said: yes, there is a formal DR plan in place. 
Source: FreeForm Dynamics 2011
Facts 
•What parts of the IT infrastructure are covered by BC/DR plans (chart) 
Source: Howard Marks (2008) http://www.informationweek.com/practical-disaster-recovery-for-midsize-companies/d/d-id/1075012?
Facts 
•What are the barriers to adoption of a business continuity plan? 
•Cost and complexity are the main barriers. 
•Lack of skills is a reason as well. 
Source: Howard Marks (2008) http://www.informationweek.com/practical-disaster-recovery-for-midsize-companies/d/d-id/1075012?
Facts 
•86% of companies experienced one or more instances of system downtime in the previous 12 months. 
•Downtimes lasted 2.2 days on average and cost each business an average of $366,363 a year. 
•33% of businesses admitted they do not back up virtual servers as often as they do their physical servers. 
Source: http://www.crn.com/slide-shows/storage/240006796/8-surprising-disaster-recovery-stats.htm/pgno/0/7
Actionable model (diagram) 
•Areas: Leadership, Policies, Execution, Monitoring 
•Elements: Support, Motivation, Sponsoring & follow-up, Policies, Procedures, Tools, Roles and Responsibilities, Methodologies / Best Practices, Training, Awareness, Validation, Audit Programs, Reports 
Source: Aqel M. Aqel, IT Security in your firm, what is it, & how to achieve it (2011).
ISO 22301 
•In 2012, the BCI, in partnership with BSI, launched ISO 22301, the new global standard for business continuity management.
ISO 22301 
•Provides a comprehensive set of controls based on BCM best practice. 
•Covers the whole BCM lifecycle. 
•Defines the strategic and tactical capability of an organization to plan for and respond to incidents. 
•It is generic and offers organizations guidance on putting their BCM systems in place.
ISO 22301:2012 key clauses 
•Clause 1: Scope 
•Clause 2: Normative references 
•Clause 3: Terms and definitions 
•Clause 4: Context of the organization 
•Clause 5: Leadership 
•Clause 6: Planning 
•Clause 7: Support 
•Clause 8: Operation 
•Clause 9: Performance evaluation 
•Clause 10: Improvement
ISO 22301 - Clause 4: Context of the organization
ISO 22301 - Clause 5: Leadership 
•Top management needs to demonstrate an ongoing commitment to the BCMS by: 
•Integrating the BCMS requirements into the organization's business processes 
•Providing the necessary resources for the BCMS 
•Communicating the importance of effective business continuity management 
•Ensuring that the BCMS achieves its expected outcomes 
•Directing and supporting continual improvement 
•Establishing and communicating a business continuity policy 
•Ensuring that BCMS objectives and plans are established 
•Ensuring that the responsibilities and authorities for relevant roles are assigned
ISO 22301 - Clause 6: Planning 
•Establishing strategic objectives and guiding principles for the BCMS. 
•The business continuity objectives must: 
•be consistent with the business continuity policy; 
•take into account the minimum level of products and services that is acceptable to the organization to achieve its objectives; 
•be measurable; 
•take into account applicable requirements; 
•be monitored and updated as appropriate.
ISO 22301 - Clause 7: Support 
•Using the appropriate resources for each task. 
•Competent staff with relevant (and demonstrable) competence. 
•Training and supporting services. 
•Awareness and communication. 
•Both internal and external communications of the organization must be considered in this area. 
•The requirements on the creation, update and control of documented information are also specified in this clause.
ISO 22301 - Clause 8: Operation 
•Business Impact Analysis (BIA) 
•Risk assessment 
•Business continuity strategy 
•Business continuity procedures 
•Exercising and testing
ISO 22301 - Clause 9: Performance evaluation 
•ISO 22301 requires permanent monitoring of the system as well as periodic reviews to improve its operation: 
•monitoring the extent to which the organization's business continuity policy, objectives and targets are met; 
•measuring the performance of the processes, procedures and functions that protect its prioritized activities; 
•monitoring compliance with the standard and the business continuity objectives; 
•monitoring historical evidence of deficient BCMS performance; 
•conducting internal audits at planned intervals; and 
•evaluating all this in the management review at planned intervals.
ISO 22301 - Clause 10: Improvement 
•Continual improvement: all the actions taken throughout the organization to increase the effectiveness (reaching objectives) and efficiency (an optimal cost/benefit ratio) of security processes and controls, to bring increased benefits to the organization and its stakeholders.
More information 
•The American Institute of Certified Public Accountants (AICPA) 
•Information Systems Audit and Control Association (ISACA) 
•Association of Information Technology Professionals (AITP) 
•Institute of Internal Auditors (IIA) 
•International Association for Computer Information Systems (IACIS) 
•Information Systems Security Association (ISSA) 
•International Disaster Recovery Association (IDRA) 
•Business Recovery Managers Association (BRMA) 
•British Standards Institute (BSI) 
•http://www.slideshare.net/AhmedRiad2/ss-38345026