This document provides an overview of the Ministry of International Trade and Industry's (MITI) experience implementing a Disaster Recovery Plan (DRP). It begins with definitions of key terms such as business continuity management, disaster recovery planning, and disasters. It then discusses MITI's objectives for the DRP, which were to improve availability, processes, maturity and reputation, and to gain advantages. The document outlines MITI's DRP strategy and roadmap, which included phases for analysis, risk assessment, recovery strategies, plan development and testing. It discusses challenges faced and key success factors. Lessons learned included the importance of planning, readiness, awareness, communication and teamwork.
2. MINISTRY OF INTERNATIONAL TRADE AND INDUSTRY
DISASTER RECOVERY PLAN IMPLEMENTATION EXPERIENCE:
A GOVERNMENT AGENCY’S PERSPECTIVE
INTHRANI. S
3. Contents
• BCM/DRP
Fundamentals
• BCM/DRP in MITI
Introduction to MITI
Quick Assessment
Scope
Objectives
Strategy
The Journey/Roadmap
Challenges
Key Success Factors
Lessons Learned
• Q & A
4. What Is a Disaster ?
Any natural or man-made event that disrupts the business in
such a significant way that a considerable and coordinated
effort is required to recover and resume business.
• Geological: earthquakes, volcanic
eruption, tsunamis and landslides
• Meteorological: hurricanes, tornados,
wind storms, hail, ice storms, snow
storms, rainstorms, and lightning
• Others: avalanches, fires, floods,
meteors and meteorites, and solar
storms
• Health: widespread illnesses and
pandemics
• Labour: strikes, walkouts, and slow-downs that
disrupt services and supplies
• Social-political: war, terrorism, sabotage,
vandalism, civil unrest, protests,
demonstrations, cyber attacks, hacking, denial
of service (DoS).
• Others: fires, haze, stampedes, material spills
• Utilities: power failures, communications
outages, water supply shortages, fuel
shortages, etc
5. What is BCM?
• Holistic management process for identifying potential
impacts from threats and for developing response plans
• Provides a framework for building resilience and the
capability for an effective response
• Safeguards the interests of an organization's key
stakeholders, reputation, brand and value creating
activities
• 1 plan 4 all
Not only RECOVERING CRITICAL FUNCTIONS from DISASTER
but also ensuring that they CONTINUE FUNCTIONING
IMMEDIATELY in the event of a disaster - BCMI
6. What is DRP?
A Disaster Recovery Plan is a documented
process or set of procedures to recover
and protect business-related IT
infrastructure in the event of a disaster. It
is associated with IT assets.
BUSINESS
CONTINUITY
DISASTER
RECOVERY
7. BCP and DRP
BCP
Activities required to
ensure the continuity
of critical business
processes in an
organisation
Alternative personnel,
equipment, and
facilities
Often includes non-IT
aspects of business
DRP
Assessment, salvage, repair, and eventual restoration of
damaged facilities and systems
Often focuses on IT assets
8. What is MTD?, RTO? & RPO?
• Maximum Tolerable Downtime (MTD)
– Maximum time that a business process can be
inoperative/unavailable before significant damage
• Recovery Time Objective (RTO)
– Period of time from disaster onset to
resumption of critical business function
• Recovery Point Objective (RPO)
– The point in time before a disaster up to which system
and data must be recovered
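The three measures defined above can be checked against the timeline of a recovery drill. The following is an added example, not part of the original slides: the objective values, the log format and the event names are constructed assumptions, and the system names reuse the labels from the scope slide.

```python
from datetime import datetime

# Constructed objectives in hours; system names reuse the scope slide's labels.
OBJECTIVES = {
    "SYSTEM-1": {"mtd": 24, "rto": 8, "rpo": 4},
    "SYSTEM-2": {"mtd": 48, "rto": 12, "rpo": 4},
    "SYSTEM-3": {"mtd": 8, "rto": 12, "rpo": 1},  # RTO set above MTD on purpose
}

# Constructed drill log (assumed format): timestamp, system, event.
DRILL_LOG = """\
2024-03-01T20:00 SYSTEM-2 backup_ok
2024-03-02T02:00 SYSTEM-1 backup_ok
2024-03-02T03:30 SYSTEM-3 backup_ok
2024-03-02T04:00 ALL disaster_onset
2024-03-02T05:00 SYSTEM-1 backup_ok
2024-03-02T09:00 SYSTEM-3 resumed
2024-03-02T10:30 SYSTEM-1 resumed
2024-03-02T19:00 SYSTEM-2 resumed
"""

def hours(delta):
    return delta.total_seconds() / 3600

def evaluate(log, objectives):
    """Return {system: [findings]}; an empty list means all objectives were met."""
    rows = [line.split() for line in log.splitlines() if line.strip()]
    events = [(datetime.fromisoformat(ts), system, ev) for ts, system, ev in rows]
    onset = next(ts for ts, _, ev in events if ev == "disaster_onset")
    report = {}
    for system, obj in objectives.items():
        findings = []
        if obj["rto"] > obj["mtd"]:  # a plan cannot aim to recover later than MTD
            findings.append("RTO exceeds MTD")
        # Only backups completed before the disaster define the recovery point.
        backups = [t for t, s, e in events if s == system and e == "backup_ok" and t <= onset]
        if not backups:
            findings.append("no backup before onset")
        elif hours(onset - max(backups)) > obj["rpo"]:
            findings.append("RPO missed")
        resumed = [t for t, s, e in events if s == system and e == "resumed" and t >= onset]
        if not resumed:
            findings.append("not resumed")
        else:
            downtime = hours(min(resumed) - onset)  # disaster onset to resumption
            if downtime > obj["rto"]:
                findings.append("RTO missed")
            if downtime > obj["mtd"]:
                findings.append("MTD exceeded")
        report[system] = findings
    return report
```

Calling `evaluate(DRILL_LOG, OBJECTIVES)` on the constructed drill reports SYSTEM-2 as missing both RPO and RTO, and SYSTEM-3 as having an objective that contradicts its MTD even though the drill itself recovered in time.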
9. About MITI
• Vision
To make Malaysia the preferred investment destination and
among the most globally competitive trading nations by 2020.
• Mission
To promote and strategise Malaysia's global competitiveness in
international trade by producing high value added goods and
services.
To spur the development of industrial activities towards
enhancing Malaysia's economic growth for achieving a
developed nation status by 2020
• Objective of ICT Division
To make Information Communication Technology (ICT) as the
strategic enabler to achieve MITI’s Vision and Mission
10. Quick Assessment
1. Are you concerned that your normal business operations may be interrupted by a
natural or human-caused disaster? (Y / N / Unsure)
2. Have you determined what parts of your business need to be operational as soon as
possible following a disaster, and planned how to resume those operations? (Y / N /
Unsure)
3. Do you and your employees have an emergency response plan in place to help assure
your safety and to take care of yourselves until help can arrive?
(Y / N / Unsure)
4. Could you communicate with your employees if a disaster happens during working
hours or after working hours? (Y / N / Unsure)
5. Are you able to access the vital records/information for your business operations in an
event of disaster? (Y / N / Unsure)
6. Do you have plans to stay open for business and continue with your services, even if
you cannot stay in or reach your place of business? (Y / N / Unsure)
11. Scope
Trade Facilitation Information System
SERVICE PROVIDER
AGENCY-2
DATABASE-1
SYSTEM-1 SYSTEM-2
AGENCY-1
MITI
EXTERNAL USERS
MITI PORTAL
SINGLE SIGN ON
DATABASE-2
SYSTEM-3
INTERNAL USERS
WEB
12. MITI’s DRP Objectives
To:
• Minimize effects of a disaster – downtime and
data loss
• Improve service availability and reliability
• Improve processes / procedures
• Improve maturity & resilience
• Improve organisational image and reputation
• Enhance customer trust
• Gain marketplace advantage
13. BCM Framework (DRP Project)
Cycle: Plan, Do, Check, Act
• Project Management
• Risk Analysis and Review
• Testing and Exercising
• Programme Management
• Business Impact Analysis
• Recovery Strategy
• Plan Development
15. How BCP/DRP Support Security?
• Integrity: protecting information from being changed/tampered by
unauthorised parties.
• Availability: refers to the AVAILABILITY of information to authorised
parties, only when requested
• Confidentiality: protecting information from being disclosed to
unauthorised parties.
BCM/DRP directly supports AVAILABILITY
16. DRP Roadmap: STAGE 1 (PLAN):
ESTABLISHING THE DRP
Understanding Organization
• Understand the organization’s Mission, Vision,
Objective, BCMP’s Scope & Criteria
DRP Scoping
• Define Scope Objective and Boundaries
in line with organization’s BCMP
Management Approval & Support
• Project approval, approach, timeline,
policy
Establish Project Structure
• Project Team, term of reference,
understanding, relevant training
17. Phase
2
BUSINESS IMPACT ANALYSIS
Activities :
Workshop / Survey to collect data on Systems / Infrastructure /Functions
Analysis on collected data
Identification of critical systems / infrastructure / functions
Assessing the risk impact on critical systems / infrastructure /functions
Determine Maximum Tolerable Downtime (aligned with client charter for the
identified critical functions/system/SLA)
RISK ANALYSIS AND REVIEW (Identification, Assessment, Response
Development & Control)
Activities :
Workshop / Survey to collect data on potential risks
Analysis on collected data
Identification of risk factors
Determine likelihood, impact and exposure level of risks identified
Prioritizing of risks based on exposure level
Mitigation & Monitoring
Phase
1
DRP Roadmap: STAGE 2 (DO):
IMPLEMENT AND OPERATE THE DRP
18. DRP Roadmap: STAGE 2 (DO):
IMPLEMENT AND OPERATE THE DRP
Phase 3
RECOVERY STRATEGY
Activities :
Determine Maximum Tolerable Downtime (aligned with client charter for the identified critical functions/system/SLA)
Determine Recovery Time Objective (RTO) & Determine Recovery Point Objective (RPO)
Determine DR options (Hot / Warm / Cold)
Determine the backup strategy
Determine resources requirements
Procurement Process
Phase 4
PLAN DEVELOPMENT
Activities :
Recovery Team/Backup Structure, Roles & Responsibilities
Notification (Stakeholders, Users, Customers, Authorities, etc)
Communication (WhatsApp/Email/Portal/Agencies’ Website/Blog/Twitter/Facebook)
Regular meetings with all parties involved
Training / Education / Awareness (everyday operations, recovery/emergency/resumption procedures)
PM Activities for Systems, Infrastructure, Functions (frequency)
Testing/Exercising & Review (frequency)
Alternative Workspace (Hardware/Network & other facilities)
Logistic & Supply
Who, What, When, Where & How
19. DRP Roadmap: STAGE 3 (Check):
Testing & Exercising
Document Review
• Review Readiness
• Regular review of plans, procedure, changes (organisation structure, architecture, service providers, users, operations, etc)
• feedback from document owners, etc
Unit/Component Test
• network connection (multiple site, workspace)
• Hardware
• Application
• back-up
Walkthrough (Dry Run)
• Full Rehearsal with checklist
Full Scale Simulation
• Back-up
• Production systems shut down
• Movement to DR site
• Restoration
• Network & Systems test (full cycle)
• Back-up
• Movement to primary site
• Restoration
• Testing
• Business Resumption at primary site
20. DRP Roadmap: STAGE 4 (ACT):
MAINTAIN AND IMPROVE THE DRP
Assess the outcome of the simulation exercise (what went right/wrong)
Perform appropriate correction, corrective and preventive actions
Continual Improvement
• Simulation Report
• Assess Readiness
• Analyse Issues
• Recommendations
• Correction
• Corrective
• Preventive Action
• Awareness
• Continual Improvements
21. Challenges
• Commitment & Support from all parties involved (multi-
agencies/vendors/teams/users)
• Planning & Coordination
• Rules & Regulations (physical/logical access)
• Readiness (Test & Resumption)
• Mindset
• Education & Awareness (new staff)
• Acculturation
• Skills, Knowledge and Expertise
22. Key Success Factors
• Well defined scope, requirements
• DR Plan – Policy, Procedures, Structure, Ownership, Roles
& Responsibilities
• Project Team (Competency, Skill & Literacy)
• Simulation Test
Leadership, Coordination, Time line, Checklist (4W&1H),
Communication, Logistic, Postmortem & feedback
• Close monitoring and management
• Commitment & Support
(All levels/parties)
• Communication & awareness
• Teamwork
23. Lessons learned
• Dedicated group
• Proactive Preventions
• Buy–ins from Top management
• Planning & Readiness*
• Awareness & training
• Communication
• Teamwork