Tuesday 18 February 2014

Benefits of Aligning Business Continuity Management with IT Service Recovery

IT departments within many organisations are likely to have well-defined processes to support their own disaster recovery requirements. General ‘good practice’ states that we need:
·         Backups;
·         Resiliency designs within the network architecture;
·         Data centres, etc.

IT Service Recovery is a legacy approach that many are comfortable with. In the early mainframe days of the 1950s, recovery simply focused on restoring the mainframes: the systems were offline and the business would have to wait. It could actually take a matter of days before the business was affected in any way.

However, with the explosion of the internet since 1995 and greater dependence on up-to-the-second information, the impact of loss can now be felt, not in days, but in minutes… if not seconds! 

The role of Business Continuity within an organisation developed throughout the 1990s as it became obvious there was a need to provide protection and resilience spanning the entire business. This led to Business Continuity professionals sitting well outside of IT, focusing on Business Impact Assessments, Crisis Management, and Business Continuity Plans that detail how the business can continue to provide products and services at an acceptable minimum service level.

IT has continued to support ‘general good practice’ and has kept up to date, where possible, with the technology that supports system resiliency and recovery, but has often chosen solutions without discussing requirements with the business. Likewise, the business has been developing Business Continuity Plans on the assumption that IT services will be able to support their strategies.

It is therefore essential that you re-align Business Continuity Management with IT Service Recovery to ensure that the business clearly understands how it may implement strategies that either prevent incidents from occurring or reduce the impact if they do occur.

To achieve continuity and recovery objectives an organisation should be able to answer questions such as:
·         Can IT recover the business systems within an acceptable period of time?
·         Has the business discussed what the “acceptable period of time” is?
·         Have you ever completed a full restore from backup?
·         Do you carry out vulnerability scans or penetration tests to examine the adequacy of your network designs?
·         Is your data centre far enough away? Or is it likely to be impacted by the same disruptive incident as you?

CQR Services

CQR is able to help you define your Business Continuity and Service Recovery Strategies through a number of services, such as:



Service / Benefit

Business Continuity Gap Analysis against ISO 22301:2012 Business Continuity Standard

We will review existing business continuity plans, supporting documentation and governance against the industry standard ISO 22301.

Business Continuity Management System (BCMS) Development

We can work with you to create a BCMS that can be certified to ISO 22301 or simply be ‘compliant to’ the requirements of the standard.

Business Impact Analysis

We will work with you to analyse the consequences of a disruptive incident on your most time-sensitive business processes.

The output will feed into your risk register and your business continuity and recovery plans and, most importantly, verify whether IT is able to recover within the desired timeframes.

IT Service Recovery Technical Review

We will provide an independent review of your IT Service Recovery Plans, ensuring that the information therein is adequate to support the recovery processes and that staff are aware of their roles and responsibilities.

Vulnerability Assessment

We have specialist consultants who can carry out technical vulnerability scans that will challenge the resiliency of your network architecture.

We will provide you with a vulnerability report outlining the risks and provide recommendations to manage the identified vulnerabilities.

Exercise / Test Facilitation

CQR can work with you to design and facilitate an exercise that will test the limits of your documentation and ensure that it is:

-       Accurate and up to date
-       Relevant
-       Complete
-       Appropriate

The exercise will also ensure that staff understand their roles and responsibilities in an event.

We can also help you to test the continuity and recovery strategies outlined in the documentation to ensure that they will work as expected.

Document Development

We can review, update and create relevant business continuity and recovery documentation as per your requirements.

Yvonne Sears
Senior Security Specialist
