SlideShare a Scribd company logo

Business continuity management and the extended enterprise

George Coutsoumbidis
George Coutsoumbidis

Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise.

TechnologyBusiness
1 of 8
Download to read offline
Business Continuity Management in the Extended Enterprise Continuous Availability in a Real-Time Economy George Coutsoumbidis 5/8/2012 Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise.
Business Continuity Management in the Extended Enterprise Business Continuity Management and the Extended Enterprise Continuous Availability in a Real-Time Economy Business Continuity is receiving a great deal of attention in the aftermath of recent events, including the London Bombings, the devastating hurricanes of 2005, as well as numerous software failures and cyber-attacks. Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise. Business’s experience managing a large global network infrastructure through some of the most disruptive events of the past few years has provided it with a number of proven BCM and incident management capabilities. This paper discusses the major themes within Business Continuity Management, namely the shift from event driven IT-focused disaster recovery to a more broad-based integrated risk management approach that deals with emerging issues like the extended enterprise and workforce continuity. The discussion begins with a review of the potential threats to continuity of operations and the requirements of recent regulatory actions. Continuous Availability The real-time, widely distributed enterprise has become a standard global business model. Driven by market forces for greater efficiency, productivity, and profitability; enterprise businesses are leveraging new processes and technologies to compete in a highly dynamic global market place. Real-time transactions and integrated supply chains, linking the buyer and seller, mean businesses are vulnerable to even the shortest interruptions. For many enterprises, an hour of down time can cost millions of dollars in lost revenue, productivity, and market capitalization. Historically, businesses focused on IT recovery—creating a plan to recover from an unforeseen event, such as a power outage, hurricane, earthquake or fire. Traditional approaches featured redundant data centers, telecommunications capabilities, and IT resources. Disaster recovery plans often involved an off-site facility where a set of the minimum business critical systems were available to receive a copy of the latest back-up tapes. The systems would be reloaded and brought online, typically within 24 to 48 hours and sometimes as long as 72 hours, depending on the complexity and criticality of the environment. In today’s business environment, the need for real-time access to data and applications makes this model no longer tenable. Businesses simply cannot afford to stop for a few minutes, let alone a couple of days while critical systems are brought back online. While maintaining data and communications resilience is an important component of any business continuity plan, enterprises must also consider how to protect the most critical component of their business—the workforce. Workforce continuity has emerged as an important BCM consideration as enterprise perimeters expand to support new partnerships, global customers and mobile or remote workers. BCM initiatives need to consider continuity of operations for an extended enterprise through events such as pandemic influenza, infrastructure disruptions and a wide array of other events that may prevent employees from 1
Business Continuity Management in the Extended Enterprise reaching their primary work sites. For some businesses, administrative recovery can be just as critical as IT recovery This factor drives requirements to go beyond redundant facilities and resources—to address the need for continuous interactive communications and secure remote access. Key Components of Successful BCM Programs BCM initiatives typically focus on the continuous assessment of business needs, acceptable levels of risk and responding with a set of processes and infrastructure designed to optimize operational availability. Effective BCM initiatives must enable the continuation of all critical business processes through a wide range of events—from power outages to pandemic influenza. Therefore, successful business continuity programs are multifaceted, drawing from a broad range of alternatives, and striking a balance between the risks and expense that are appropriate for each enterprise. BCM is more process than product and one size does not fit all. However, successful business continuity management solutions usually incorporate generally accepted best practices and include the following key components: 1. Executive sponsorship—Senior leadership must champion BC 2. Multi-disciplined team—BC cannot be done by IT alone 3. Risk Assessment—Understand the potential exposure and tolerance for uncertainty 4. Business Impact Assessment—Quantified analysis of all critical processes and systems 5. Recovery Time Objective—the maximum amount of time within which a function must be restored in order to avoid unacceptable damage 6. Recovery Point Objective—the maximum amount of acceptable data loss after an incident as measured in time 7. Network and Security Assessments for critical applications and processes 8. Strategy Development—Recovery strategies based on the corresponding recovery objectives 9. Automated plan development and implementation—Investment in planning tools; regular plan review, test and refresh; update plans at least once per year Compliance: Setting the Agenda—Business Continuity Can No Longer Be Ignored One needs to look no further than the headlines in today’s business publications to know that compliance is setting the agenda for many executive management teams in boardrooms around the world. More and more often business continuity is being linked to regulatory compliance. A number of industry regulations and guidelines now include requirements related to business continuity, such as disaster recovery plans, data backup/retention and secondary sites for IT operations. Enterprises are increasingly being asked to provide details about their BCM programs in order to maintain existing business or to compete for new contracts. Enterprises understand that they’re only as resilient as their supply chain and now set high BCP standards for partners, vendors and other stakeholders. Below are just of few of the compliance/regulatory items frequently identified on a CEO’s agenda: 2
Business Continuity Management in the Extended Enterprise References Industries Affected Primary Focus Business Continuity Implications All public companies Corporate governance Long-term data Sarbanes-Oxley traded on U.S. stock storage/archiving exchanges Financial Services Information retention and security Data Replication— Gramm-Leach- long-term Bliley (GLB) storage/archiving Healthcare Standardization of healthcare Requires disaster HIPAA transactions and privacy of patient recovery plan, records crisis operations plan, and data backup U.S. Government Information security Requires FISMA government to be open and operational through a crisis Financial/Banking Created by the Basel Committee on Requires business Basel II Accord Banking Supervision, Sound continuity plan Practices for Management and and loss Supervision, 2003 limitations FERC RM01-12-00 Energy/Utility Regulation focused on larger metro Requires disaster (Appendix G) utilities. Rural Utility Services are recovery plan exempt. Hazards To frame the discussion of business continuity planning, it is useful to begin with an assessment of the types of events that can disrupt business. One can then begin to assess the impact and formulate a strategy for mitigating the effects of each potential threat. Hazards come in many forms but can be broken down into three basic categories: Facilities Infrastructure, Workforce Continuity, and IT Infrastructure. Facilities Infrastructure Hazards 1. Natural Hazards (floods, blizzards, hurricanes, forest fires, earthquakes, etc.) 2. Human caused (chemical spills, train derailments, terrorist attack, civil unrest, power outages, fuel disruptions, etc.) 3. Geographic (transport infrastructure, amenities, staffing resources) Events that affect the facilities, whether of natural origin or man-made, have been the focus of the disaster recovery discussions. The hazards that typically impact an entire facility are large in scale and often come with little warning. Within the context of Business Continuity Planning, interruptions of this magnitude may be the central driver of the solution, but they should not be the sole focus of planning. Workforce Continuity Hazards 1. Flu pandemic 2. Employee loss (work stoppage, death, layoff, resignation, or illness) Events that affect the personnel of a business, rather than its infrastructure, are a relatively recent BCM issue. However, when one examines the information flows within an enterprise, the people and their ability to access data and applications are clearly a critical element. 3
Business Continuity Management in the Extended Enterprise Personnel-related disruptions can be broad, as in the case of a significant pandemic flu outbreak or weather-related event. However, even the loss of a single key employee can be devastating, if the person in question is the only one who possesses critical knowledge or skills. Effective Business Continuity Planning must also address somewhat unpleasant topics, such as, how would an enterprise sustain operations if a significant percentage of employees were unable to perform their duties for several days, weeks, months or permanently. Can the business rapidly implement staggered work shifts or remote working strategies? The first step to ensuring workforce continuity is to assess which skills are needed to sustain critical processes, where they are located and how readily they can be re-directed to ensure continuity. IT Infrastructure Hazards 1. Hardware failure 2. Software errors 3. Security event (virus, worm, denial of service attacks or break-ins) 4. Network transmission degradation or failure 5. Change management error 6. Human error IT infrastructure has long been at the center of disaster recovery. It is an area where technology creates both exposures and the solutions needed to support the real-time, extended enterprise. The threats to IT infrastructure include physical impacts, such as hardware failures and circuit cuts, as well as less visible but very real threats from software bugs, security events, and simple human error. BCM initiatives need to address the complete business information flow and the entire critical infrastructure that supports it. Each hazard, large or small, carries with it a unique set of challenges that a business must address as its BCM strategy evolves. Of course, a number of the BCM components will not be within the scope of IT. For example, to avoid the impact of a significant flu outbreak, many businesses offer free flu shots to employees, thereby mitigating the risk of significant employee absenteeism resulting from seasonal illness. Business Continuity Management Business Continuity Management is a continuous process driven by the critical business needs of an enterprise. A complete assessment of the information flows must take into consideration the people, processes and systems (including communications infrastructure) involved in each business information flow. All information flows internal to the company or external to suppliers or customers must be examined. The business assessment is then reviewed in the context of the Risk Assessment. The Risk Assessment helps identify the business continuity requirements, top and bottom line income exposures and potential expenses should an impacting event occur. Figure 1 below illustrates the Business Continuity Life Cycle. By adopting a life cycle approach to BCM, enterprises should be able to maintain the needed operational resiliency as their environment changes. New applications, mergers and acquisitions, changing regulatory landscapes, and technological advancements can alter the business environment overnight. It is critical that BCM is integrated into all significant business decisions to help enable the 4
Business Continuity Management in the Extended Enterprise enterprise to continue operations while maintaining an acceptable level of risk for its critical information flows. Business Continuity Management cycle Business Continuity Solutions Business Continuity Solutions should provide a broad array of business continuity solution components from traditional resilient voice and data services to high-availability, network- embedded applications that enable customers to take advantage of a highly resilient platforms at a fraction of the cost of building the platform in-house. The foundation of the business continuity portfolio is a suite of consulting services that integrate continuity planning with network architectures—helping you through all stages of Business Continuity Plan Development, from initial planning and assessment through implementation. By integrating Business Continuity Planning and network planning, The Business can help ensure critical processes and systems are supported by a resilient network architecture delivering advanced communications across one of the world’s largest local to global IP networks. This is a critical vulnerability for many enterprises because BCP and network planning are often segregated functions rather an integrated risk mitigation process. Separate leadership and funding priorities means the network architecture might not be able to deliver performance required in the business continuity disaster recovery (BCDR) plan. The team should work with the enterprise to develop and implement business continuity plans and systems to help you meet these critical business objectives. 5
Business Continuity Management in the Extended Enterprise Business Continuity Planning Services available to meet key business continuity requirements include the following:* Service Focus Service Benefit to the Customer Business Continuity Technology Consulting Assistance in developing or refreshing Professional Services Services Business Continuity and regulatory compliance plans Resilient Voice and Data Enterprise Mobility— Ability to stay connected via notebook Networking EVDO PCs via broadband wireless combined with’s Enterprise Mobility Management Service IP VPN Broadband Wireless Back-Up IP VPN and broadband wireless back-up solution to traditional wire line access SIG Broadband Wireless Back-Up Public access back-up via broadband wireless to tie public locations into private networks Private IP—Disaster Recovery Ports Secondary Private IP port and access value-priced to use as back-up access Ethernet Private Line Provides overall metro area LAN/WAN network flexibility and resiliency Custom Redirect Service Real-time redirect of inbound calls based upon a trigger event to pre- configured alternative numbers Security Services Denial of Service— Increased preventative measures to Defense Detection protect systems from outages caused by DoS attacks Managed Firewall Enterprise and Managed Intrusion Increased preventative measures to Protection protect systems from outages caused by viruses and malicious hacking IT Solutions IP Application Hosting Warm and hot fail-over options to facilitate ongoing operations during outage impact to primary facilities and systems Remote Backup and Restore Data back-up to a remote, secure location managed by full restore back to the primary data site when needed Managed Storage Variety of managed and hosted storage 6
Business Continuity Management in the Extended Enterprise solutions to integrate into overall Business Continuity plan Network-Embedded Hosted IP Centrex Flexible VoIP-based calling service with Applications network based IP PBX that enables calling locations to change on demand to any location with Internet access Web Center Flexible hosted multimodal contact center functionality that permits contact center agents to reside anywhere there is Internet access Integrated Communications Package Small business focused unified communication application that provides flexible calling and alternative communications options that does not require a fixed location Managed Network Services Managed Network A variety of management options for Services services that remove day-to-day operations from an enterprise and move them to a resilient network operations centers Customized Business Customized Business Customized solutions focused on Outcome SLA Outcome SLA achieving specific business outcomes for an application vs. traditional network and data center SLAs 7

Recommended

IBM XIV® Storage System: Engineered for Business Continuity
IBM XIV® Storage System: Engineered for Business ContinuityIBM XIV® Storage System: Engineered for Business Continuity
IBM XIV® Storage System: Engineered for Business ContinuityIBM India Smarter Computing
 
Understanding the impact of Enterprise Asset Management
Understanding the impact of Enterprise Asset ManagementUnderstanding the impact of Enterprise Asset Management
Understanding the impact of Enterprise Asset ManagementAlok Chander
 
Qatar Proposal
Qatar ProposalQatar Proposal
Qatar ProposalAbsar Husain
 
Taming Information - InfoManagement2015
Taming Information - InfoManagement2015Taming Information - InfoManagement2015
Taming Information - InfoManagement2015Shiva Hullavarad
 
Delivering Transformation by creating the right Internal Utilities
Delivering Transformation by creating the right Internal UtilitiesDelivering Transformation by creating the right Internal Utilities
Delivering Transformation by creating the right Internal UtilitiesInfosys BPM
 
Using BPM for Agility in a Globalised World
Using BPM for Agility in a Globalised WorldUsing BPM for Agility in a Globalised World
Using BPM for Agility in a Globalised WorldSchneider Electric
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Bindu Rathore
 

Recommended

IBM XIV® Storage System: Engineered for Business Continuity
IBM XIV® Storage System: Engineered for Business ContinuityIBM XIV® Storage System: Engineered for Business Continuity
IBM XIV® Storage System: Engineered for Business ContinuityIBM India Smarter Computing
 
Understanding the impact of Enterprise Asset Management
Understanding the impact of Enterprise Asset ManagementUnderstanding the impact of Enterprise Asset Management
Understanding the impact of Enterprise Asset ManagementAlok Chander
 
Qatar Proposal
Qatar ProposalQatar Proposal
Qatar ProposalAbsar Husain
 
Taming Information - InfoManagement2015
Taming Information - InfoManagement2015Taming Information - InfoManagement2015
Taming Information - InfoManagement2015Shiva Hullavarad
 
Delivering Transformation by creating the right Internal Utilities
Delivering Transformation by creating the right Internal UtilitiesDelivering Transformation by creating the right Internal Utilities
Delivering Transformation by creating the right Internal UtilitiesInfosys BPM
 
Using BPM for Agility in a Globalised World
Using BPM for Agility in a Globalised WorldUsing BPM for Agility in a Globalised World
Using BPM for Agility in a Globalised WorldSchneider Electric
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Bindu Rathore
 
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...ijcsit
 
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...AIRCC Publishing Corporation
 
ARMnet Financial Management Software News
ARMnet Financial Management Software NewsARMnet Financial Management Software News
ARMnet Financial Management Software NewsTimMagill
 
AIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data AnalyticsAIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data Analyticsprosenzw69
 
2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy Industry2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy IndustryMichele Hudnall
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usenrjstevens
 
The Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp SoftwareThe Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp SoftwareDonovan Mulder
 
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure ManagementDCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Managementjpjobard
 
WP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipmentWP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipmentSE_NAM_Training
 
MIS Chap # 2.........
MIS Chap # 2.........MIS Chap # 2.........
MIS Chap # 2.........Syed Muhammad Zeejah Hashmi
 
Case Study MIS- Stratex
Case Study MIS- StratexCase Study MIS- Stratex
Case Study MIS- StratexNorsamita Shamsuddin
 
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Alexander Larsen
 
Accenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions BrochureAccenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions BrochureSilas O'Dea
 
Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementLuxembourg Institute of Science and Technology
 
BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management MetricStream Inc
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India
 
T2 notes
T2 notesT2 notes
T2 notesPamela Natalie
 
Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014Ken Wiens
 
Evolution of erp systems
Evolution of erp systemsEvolution of erp systems
Evolution of erp systemsPrayukth K V
 
Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationOffice 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationMary Marks
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Startedmxp5714
 
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSsarankamalanathan
 

More Related Content

What's hot

TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...ijcsit
 
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...AIRCC Publishing Corporation
 
ARMnet Financial Management Software News
ARMnet Financial Management Software NewsARMnet Financial Management Software News
ARMnet Financial Management Software NewsTimMagill
 
AIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data AnalyticsAIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data Analyticsprosenzw69
 
2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy Industry2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy IndustryMichele Hudnall
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usenrjstevens
 
The Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp SoftwareThe Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp SoftwareDonovan Mulder
 
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure ManagementDCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Managementjpjobard
 
WP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipmentWP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipmentSE_NAM_Training
 
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Alexander Larsen
 
Accenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions BrochureAccenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions BrochureSilas O'Dea
 
BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management MetricStream Inc
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India
 
Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014Ken Wiens
 
Evolution of erp systems
Evolution of erp systemsEvolution of erp systems
Evolution of erp systemsPrayukth K V
 

What's hot (19)

TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
 
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER...
 
ARMnet Financial Management Software News
ARMnet Financial Management Software NewsARMnet Financial Management Software News
ARMnet Financial Management Software News
 
AIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data AnalyticsAIA SOX Conference May 2009 - CCM & Data Analytics
AIA SOX Conference May 2009 - CCM & Data Analytics
 
2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy Industry2006 04 - Solution Flyer - Energy Industry
2006 04 - Solution Flyer - Energy Industry
 
Mtw03008 usen
Mtw03008 usenMtw03008 usen
Mtw03008 usen
 
The Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp SoftwareThe Hidden Financial Costs Of Erp Software
The Hidden Financial Costs Of Erp Software
 
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure ManagementDCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
DCIM DATACENTER INFRASTRUCTURE MANAGEMENT Infrastructure Management
 
WP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipmentWP115 Tax Benefits of Rack-based Power and Cooling equipment
WP115 Tax Benefits of Rack-based Power and Cooling equipment
 
MIS Chap # 2.........
MIS Chap # 2.........MIS Chap # 2.........
MIS Chap # 2.........
 
Case Study MIS- Stratex
Case Study MIS- StratexCase Study MIS- Stratex
Case Study MIS- Stratex
 
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
 
Accenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions BrochureAccenture Plant Asset Solutions Brochure
Accenture Plant Asset Solutions Brochure
 
Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access management
 
BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management BCBS Associate Achieves Superior Compliance, Audit & Issue Management
BCBS Associate Achieves Superior Compliance, Audit & Issue Management
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT System
 
T2 notes
T2 notesT2 notes
T2 notes
 
Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014Curriculum Vitae Ken Wiens 2014
Curriculum Vitae Ken Wiens 2014
 
Evolution of erp systems
Evolution of erp systemsEvolution of erp systems
Evolution of erp systems
 

Similar to Business continuity management and the extended enterprise

Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationOffice 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationMary Marks
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Startedmxp5714
 
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSsarankamalanathan
 
ARMnet Business Intelligence White Paper
ARMnet Business Intelligence White PaperARMnet Business Intelligence White Paper
ARMnet Business Intelligence White PaperTimMagill
 
Business Intelligence White Paper
Business Intelligence White PaperBusiness Intelligence White Paper
Business Intelligence White Papernforth
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paperCMR WORLD TECH
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...run_frictionless
 
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Richard Brooks
 
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdf
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdfISO 22301 Business Continuity Management for AI driven Operations. (1).pdf
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdfelishaaggarwal2
 
An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777Yasmine Anino
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recoveryGeorge Coutsoumbidis
 
Untangling Product Complexity in M&A
Untangling Product Complexity in M&AUntangling Product Complexity in M&A
Untangling Product Complexity in M&AMichael Hu
 
2009_NYC_OpRiskUSA_Conf
2009_NYC_OpRiskUSA_Conf2009_NYC_OpRiskUSA_Conf
2009_NYC_OpRiskUSA_ConfPeter Poulos
 
Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business As Usual, Inc.
 
The Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster RecoveryThe Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster Recoverycadavis22
 
Executive Primer on Business Continuity Planning
Executive Primer on Business Continuity PlanningExecutive Primer on Business Continuity Planning
Executive Primer on Business Continuity PlanningRickMark
 

Similar to Business continuity management and the extended enterprise (20)

Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft CorporationOffice 2007 In Business Continuity Whitepaper: Microsoft Corporation
Office 2007 In Business Continuity Whitepaper: Microsoft Corporation
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Started
 
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
BCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMSBCMS
 
ARMnet Business Intelligence White Paper
ARMnet Business Intelligence White PaperARMnet Business Intelligence White Paper
ARMnet Business Intelligence White Paper
 
Business Intelligence White Paper
Business Intelligence White PaperBusiness Intelligence White Paper
Business Intelligence White Paper
 
It Budget Tips
It Budget TipsIt Budget Tips
It Budget Tips
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paper
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...
 
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
Business Continuity Management - Operational & Cyber Resilience Part 1 (whi...
 
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdf
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdfISO 22301 Business Continuity Management for AI driven Operations. (1).pdf
ISO 22301 Business Continuity Management for AI driven Operations. (1).pdf
 
An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777
 
Bi kpmg
Bi kpmgBi kpmg
Bi kpmg
 
Bi kpmg
Bi kpmgBi kpmg
Bi kpmg
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recovery
 
Untangling Product Complexity in M&A
Untangling Product Complexity in M&AUntangling Product Complexity in M&A
Untangling Product Complexity in M&A
 
2009_NYC_OpRiskUSA_Conf
2009_NYC_OpRiskUSA_Conf2009_NYC_OpRiskUSA_Conf
2009_NYC_OpRiskUSA_Conf
 
Managing Threats in a Dangerous World
Managing Threats in a Dangerous WorldManaging Threats in a Dangerous World
Managing Threats in a Dangerous World
 
Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21Business Continuation - The basics according to John Small 2014-02-21
Business Continuation - The basics according to John Small 2014-02-21
 
The Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster RecoveryThe Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster Recovery
 
Executive Primer on Business Continuity Planning
Executive Primer on Business Continuity PlanningExecutive Primer on Business Continuity Planning
Executive Primer on Business Continuity Planning
 

Recently uploaded

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Business continuity management and the extended enterprise

  • 1. Business Continuity Management in the Extended Enterprise Continuous Availability in a Real-Time Economy George Coutsoumbidis 5/8/2012 Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise.
  • 2. Business Continuity Management in the Extended Enterprise Business Continuity Management and the Extended Enterprise Continuous Availability in a Real-Time Economy Business Continuity is receiving a great deal of attention in the aftermath of recent events, including the London Bombings, the devastating hurricanes of 2005, as well as numerous software failures and cyber-attacks. Business Continuity Management (BCM) and Continuity of Operations (COOP) is a multi-dimensional practice requiring a balance of investment against risk to the enterprise. Business’s experience managing a large global network infrastructure through some of the most disruptive events of the past few years has provided it with a number of proven BCM and incident management capabilities. This paper discusses the major themes within Business Continuity Management, namely the shift from event driven IT-focused disaster recovery to a more broad-based integrated risk management approach that deals with emerging issues like the extended enterprise and workforce continuity. The discussion begins with a review of the potential threats to continuity of operations and the requirements of recent regulatory actions. Continuous Availability The real-time, widely distributed enterprise has become a standard global business model. Driven by market forces for greater efficiency, productivity, and profitability; enterprise businesses are leveraging new processes and technologies to compete in a highly dynamic global market place. Real-time transactions and integrated supply chains, linking the buyer and seller, mean businesses are vulnerable to even the shortest interruptions. For many enterprises, an hour of down time can cost millions of dollars in lost revenue, productivity, and market capitalization. Historically, businesses focused on IT recovery—creating a plan to recover from an unforeseen event, such as a power outage, hurricane, earthquake or fire. Traditional approaches featured redundant data centers, telecommunications capabilities, and IT resources. Disaster recovery plans often involved an off-site facility where a set of the minimum business critical systems were available to receive a copy of the latest back-up tapes. The systems would be reloaded and brought online, typically within 24 to 48 hours and sometimes as long as 72 hours, depending on the complexity and criticality of the environment. In today’s business environment, the need for real-time access to data and applications makes this model no longer tenable. Businesses simply cannot afford to stop for a few minutes, let alone a couple of days while critical systems are brought back online. While maintaining data and communications resilience is an important component of any business continuity plan, enterprises must also consider how to protect the most critical component of their business—the workforce. Workforce continuity has emerged as an important BCM consideration as enterprise perimeters expand to support new partnerships, global customers and mobile or remote workers. BCM initiatives need to consider continuity of operations for an extended enterprise through events such as pandemic influenza, infrastructure disruptions and a wide array of other events that may prevent employees from 1
  • 3. Business Continuity Management in the Extended Enterprise reaching their primary work sites. For some businesses, administrative recovery can be just as critical as IT recovery This factor drives requirements to go beyond redundant facilities and resources—to address the need for continuous interactive communications and secure remote access. Key Components of Successful BCM Programs BCM initiatives typically focus on the continuous assessment of business needs, acceptable levels of risk and responding with a set of processes and infrastructure designed to optimize operational availability. Effective BCM initiatives must enable the continuation of all critical business processes through a wide range of events—from power outages to pandemic influenza. Therefore, successful business continuity programs are multifaceted, drawing from a broad range of alternatives, and striking a balance between the risks and expense that are appropriate for each enterprise. BCM is more process than product and one size does not fit all. However, successful business continuity management solutions usually incorporate generally accepted best practices and include the following key components: 1. Executive sponsorship—Senior leadership must champion BC 2. Multi-disciplined team—BC cannot be done by IT alone 3. Risk Assessment—Understand the potential exposure and tolerance for uncertainty 4. Business Impact Assessment—Quantified analysis of all critical processes and systems 5. Recovery Time Objective—the maximum amount of time within which a function must be restored in order to avoid unacceptable damage 6. Recovery Point Objective—the maximum amount of acceptable data loss after an incident as measured in time 7. Network and Security Assessments for critical applications and processes 8. Strategy Development—Recovery strategies based on the corresponding recovery objectives 9. Automated plan development and implementation—Investment in planning tools; regular plan review, test and refresh; update plans at least once per year Compliance: Setting the Agenda—Business Continuity Can No Longer Be Ignored One needs to look no further than the headlines in today’s business publications to know that compliance is setting the agenda for many executive management teams in boardrooms around the world. More and more often business continuity is being linked to regulatory compliance. A number of industry regulations and guidelines now include requirements related to business continuity, such as disaster recovery plans, data backup/retention and secondary sites for IT operations. Enterprises are increasingly being asked to provide details about their BCM programs in order to maintain existing business or to compete for new contracts. Enterprises understand that they’re only as resilient as their supply chain and now set high BCP standards for partners, vendors and other stakeholders. Below are just of few of the compliance/regulatory items frequently identified on a CEO’s agenda: 2
  • 4. Business Continuity Management in the Extended Enterprise References Industries Affected Primary Focus Business Continuity Implications All public companies Corporate governance Long-term data Sarbanes-Oxley traded on U.S. stock storage/archiving exchanges Financial Services Information retention and security Data Replication— Gramm-Leach- long-term Bliley (GLB) storage/archiving Healthcare Standardization of healthcare Requires disaster HIPAA transactions and privacy of patient recovery plan, records crisis operations plan, and data backup U.S. Government Information security Requires FISMA government to be open and operational through a crisis Financial/Banking Created by the Basel Committee on Requires business Basel II Accord Banking Supervision, Sound continuity plan Practices for Management and and loss Supervision, 2003 limitations FERC RM01-12-00 Energy/Utility Regulation focused on larger metro Requires disaster (Appendix G) utilities. Rural Utility Services are recovery plan exempt. Hazards To frame the discussion of business continuity planning, it is useful to begin with an assessment of the types of events that can disrupt business. One can then begin to assess the impact and formulate a strategy for mitigating the effects of each potential threat. Hazards come in many forms but can be broken down into three basic categories: Facilities Infrastructure, Workforce Continuity, and IT Infrastructure. Facilities Infrastructure Hazards 1. Natural Hazards (floods, blizzards, hurricanes, forest fires, earthquakes, etc.) 2. Human caused (chemical spills, train derailments, terrorist attack, civil unrest, power outages, fuel disruptions, etc.) 3. Geographic (transport infrastructure, amenities, staffing resources) Events that affect the facilities, whether of natural origin or man-made, have been the focus of the disaster recovery discussions. The hazards that typically impact an entire facility are large in scale and often come with little warning. Within the context of Business Continuity Planning, interruptions of this magnitude may be the central driver of the solution, but they should not be the sole focus of planning. Workforce Continuity Hazards 1. Flu pandemic 2. Employee loss (work stoppage, death, layoff, resignation, or illness) Events that affect the personnel of a business, rather than its infrastructure, are a relatively recent BCM issue. However, when one examines the information flows within an enterprise, the people and their ability to access data and applications are clearly a critical element. 3
  • 5. Business Continuity Management in the Extended Enterprise Personnel-related disruptions can be broad, as in the case of a significant pandemic flu outbreak or weather-related event. However, even the loss of a single key employee can be devastating, if the person in question is the only one who possesses critical knowledge or skills. Effective Business Continuity Planning must also address somewhat unpleasant topics, such as, how would an enterprise sustain operations if a significant percentage of employees were unable to perform their duties for several days, weeks, months or permanently. Can the business rapidly implement staggered work shifts or remote working strategies? The first step to ensuring workforce continuity is to assess which skills are needed to sustain critical processes, where they are located and how readily they can be re-directed to ensure continuity. IT Infrastructure Hazards 1. Hardware failure 2. Software errors 3. Security event (virus, worm, denial of service attacks or break-ins) 4. Network transmission degradation or failure 5. Change management error 6. Human error IT infrastructure has long been at the center of disaster recovery. It is an area where technology creates both exposures and the solutions needed to support the real-time, extended enterprise. The threats to IT infrastructure include physical impacts, such as hardware failures and circuit cuts, as well as less visible but very real threats from software bugs, security events, and simple human error. BCM initiatives need to address the complete business information flow and the entire critical infrastructure that supports it. Each hazard, large or small, carries with it a unique set of challenges that a business must address as its BCM strategy evolves. Of course, a number of the BCM components will not be within the scope of IT. For example, to avoid the impact of a significant flu outbreak, many businesses offer free flu shots to employees, thereby mitigating the risk of significant employee absenteeism resulting from seasonal illness. Business Continuity Management Business Continuity Management is a continuous process driven by the critical business needs of an enterprise. A complete assessment of the information flows must take into consideration the people, processes and systems (including communications infrastructure) involved in each business information flow. All information flows internal to the company or external to suppliers or customers must be examined. The business assessment is then reviewed in the context of the Risk Assessment. The Risk Assessment helps identify the business continuity requirements, top and bottom line income exposures and potential expenses should an impacting event occur. Figure 1 below illustrates the Business Continuity Life Cycle. By adopting a life cycle approach to BCM, enterprises should be able to maintain the needed operational resiliency as their environment changes. New applications, mergers and acquisitions, changing regulatory landscapes, and technological advancements can alter the business environment overnight. It is critical that BCM is integrated into all significant business decisions to help enable the 4
  • 6. Business Continuity Management in the Extended Enterprise enterprise to continue operations while maintaining an acceptable level of risk for its critical information flows. Business Continuity Management cycle Business Continuity Solutions Business Continuity Solutions should provide a broad array of business continuity solution components from traditional resilient voice and data services to high-availability, network- embedded applications that enable customers to take advantage of a highly resilient platforms at a fraction of the cost of building the platform in-house. The foundation of the business continuity portfolio is a suite of consulting services that integrate continuity planning with network architectures—helping you through all stages of Business Continuity Plan Development, from initial planning and assessment through implementation. By integrating Business Continuity Planning and network planning, The Business can help ensure critical processes and systems are supported by a resilient network architecture delivering advanced communications across one of the world’s largest local to global IP networks. This is a critical vulnerability for many enterprises because BCP and network planning are often segregated functions rather an integrated risk mitigation process. Separate leadership and funding priorities means the network architecture might not be able to deliver performance required in the business continuity disaster recovery (BCDR) plan. The team should work with the enterprise to develop and implement business continuity plans and systems to help you meet these critical business objectives. 5
  • 7. Business Continuity Management in the Extended Enterprise Business Continuity Planning Services available to meet key business continuity requirements include the following:* Service Focus Service Benefit to the Customer Business Continuity Technology Consulting Assistance in developing or refreshing Professional Services Services Business Continuity and regulatory compliance plans Resilient Voice and Data Enterprise Mobility— Ability to stay connected via notebook Networking EVDO PCs via broadband wireless combined with’s Enterprise Mobility Management Service IP VPN Broadband Wireless Back-Up IP VPN and broadband wireless back-up solution to traditional wire line access SIG Broadband Wireless Back-Up Public access back-up via broadband wireless to tie public locations into private networks Private IP—Disaster Recovery Ports Secondary Private IP port and access value-priced to use as back-up access Ethernet Private Line Provides overall metro area LAN/WAN network flexibility and resiliency Custom Redirect Service Real-time redirect of inbound calls based upon a trigger event to pre- configured alternative numbers Security Services Denial of Service— Increased preventative measures to Defense Detection protect systems from outages caused by DoS attacks Managed Firewall Enterprise and Managed Intrusion Increased preventative measures to Protection protect systems from outages caused by viruses and malicious hacking IT Solutions IP Application Hosting Warm and hot fail-over options to facilitate ongoing operations during outage impact to primary facilities and systems Remote Backup and Restore Data back-up to a remote, secure location managed by full restore back to the primary data site when needed Managed Storage Variety of managed and hosted storage 6
  • 8. Business Continuity Management in the Extended Enterprise solutions to integrate into overall Business Continuity plan Network-Embedded Hosted IP Centrex Flexible VoIP-based calling service with Applications network based IP PBX that enables calling locations to change on demand to any location with Internet access Web Center Flexible hosted multimodal contact center functionality that permits contact center agents to reside anywhere there is Internet access Integrated Communications Package Small business focused unified communication application that provides flexible calling and alternative communications options that does not require a fixed location Managed Network Services Managed Network A variety of management options for Services services that remove day-to-day operations from an enterprise and move them to a resilient network operations centers Customized Business Customized Business Customized solutions focused on Outcome SLA Outcome SLA achieving specific business outcomes for an application vs. traditional network and data center SLAs 7