Business Impact Analysis

Gulf Coast Energy International
Business Continuity / Disaster Recovery
Planning and Design Proposal
Prepared by
Andrew Rolf, Felipe Torres, Pranay Jaiswal
BCP/DR & Emergency Preparedness Plan
Disaster Recovery Plan
IT systems
Corporate processes and procedures
© 2006. IT Consulting LLC. All Rights Reserved.
▪ Business continuity, emergency management and disaster recovery are interconnected to protect, recover and resume business operations
How to initiate a BCP?
▪ Perform in-depth review of existing DRP and perform immediate improvements as appropriate.
▪ Establish a GCE Project Sponsor and Steering Committee.
▪ Establish Business Continuity Definitions, Terms and Assumptions
Business Continuity Lifecycle
Stage 1: Initiation
– Initiate Business Continuity Management
Stage 2: Requirements and Strategy
– Risk Assessment
– Business Impact Analysis
– Strategy Evaluation and Selection
Stage 3: Implementation
– BR Organization and Responsibilities
– Implement stand-by arrangements
– Develop IT Recovery Plans
– Implement Risk Reduction Measures
– Develop Standard Operating Procedures
Stage 4: Operational Management
– Review and Audit
– Testing
– Education and Awareness
– Training
– Quality Assurance
– Change Management
Schedule for BCP/DR (SOW)
[Timeline figure spanning 2006 to 2007, with a "Hurricane Season Starts" marker and three phases: STABILIZE, TRANSFORM, OPTIMIZE. The recoverable labels follow.]
CURRENT STATE
• DR not a priority
• DR plans not updated to meet new business req.
• Plans not tested
• DR HW out-dated
Timeline labels
• Project Initiation; Scope / Assumptions; Schedule; Team; Contract
• Review / Validate existing BCP/DR processes & procedures for ability to meet SLAs
• Recommend immediate updates to current procedures as appropriate
• Project Planning
• Project Execution
• Develop Recovery Plans
• Develop Procedures
• Implementation
• Initiate Risk Assessment (RA); Deliverable (RA)
• Initiate Business Impact Analysis (BIA); Deliverable (BIA)
• Initiate Strategy Evaluation and Selection; Deliverable (SES)
• Implement Critical Functions
• Periodic Review / Validate BIAs and DRPs
• Plan Annual Exercise; Conduct Annual Exercise; Deliverable (Exercise Result)
• Coordinate Regular DR Tests per SLAs
TARGET STATE
• New BCP/DR Plan
• Annual Testing
• Constant Update
• Periodic BIAs validations
• Updated HW
• Management commitment
Risk and Business Impact Analysis
▪ Analysis Team Members
– Individuals from each functional business unit
– DR consultants from IT Consulting
▪ Analysis Team Responsibility
– Plan & conduct Risk & Business Impact Analysis
– Report findings to management
Risk and Business Impact Analysis
▪ Data Gathering
– Cross-functional analysis
– Interviews, Meetings, Questionnaires, Polls
– On-site and electronic conferences
▪ Data Storage and Distribution
– Stored on LAN
– Software: Microsoft Office
– Distributed by mail, email, LAN, face to face
Risk Analysis
▪ Risk Evaluation Areas
– Geographical Locations
– Building Composition
– Upstream, Downstream, Corporate, & IT
  • Physical access controls and security
  • Computing environments
  • Personal practices
  • Operating practices
  • Backup practices
Risk Analysis
▪ Items Included in Risk Analysis
– List of potential disasters/crises
– Impact to people, assets, environment, reputation
– Likelihood of occurrence
– Severity rating based on impact and likelihood
– Others…
People and Disasters
▪ Disaster Awareness and Training
– Detailed Evacuation Plans
– Evacuation Drills
▪ Emergency Communication Processes
– Contact Information for All Employees
▪ Laptops for Critical Functions
Business Impact Analysis
▪ Critical Functions Questionnaire
– Is function time critical?
– Can function be performed at reduced efficiency?
– Max time function can be unavailable?
– Loss of revenue?
– Fines or penalties?
– Legal liabilities?
– Loss of public image?
– Others…
Business Impact Analysis
▪ Steps in Analysis
– Compare to risk analysis
– Develop matrix of critical functions, risks, impacts
– Review with stakeholders/management
Steps for a Disaster Recovery Plan
▪ Identify staffing requirements
▪ Identifying recovery strategies
▪ Selecting recovery strategies
▪ Draft Creation of disaster recovery plan
▪ Testing the disaster recovery plan
Staffing Resources
[Organization chart. The recoverable labels follow.]
Organizations: IT Consulting, Gulf Coast Energy
Roles shown
• BCP/DR Manager
• DR Coordinator / Project Manager
• DR Transition Manager
• Disaster Recovery Specialist (three boxes)
• Project Sponsor
• Steering Committee
• Mainframe Business SME
• Distributed Computing Business SME
• Network Business SME
• Other Business SMEs
• Mainframe DR Technicians
• Distributed Computing Specialists
• Network DR Specialists
Legend
• DR: Disaster Recovery
• SME: Subject Matter Expert
Staffing Resources
Time Dedication: Not more than 30% of their total work time should be needed to provide guidance to the IT Consulting Project Team.
Relationship between RTO, RPO & Cost
[Figure: cost (Money) plotted against time on both sides of the DISASTER point. The time axis runs Weeks, Days, Hrs, Secs before the disaster (RPO, acceptable loss) and Secs, Hrs, Days, Weeks after it (RTO, acceptable downtime). Other labels: Maximum cost of plan; Time to recover.]
▪ Recovery Point Objective (RPO): Refers to the point in time to which data must be recovered.
▪ Recovery Time Objective (RTO): Refers to the acceptable time period within which the business functions should be restored and made available to ensure normal functioning of the organization.
Identifying Recovery Strategies
▪ Computer facilities recovery strategy
– Hot sites, Cold sites, Mirror sites, etc.
▪ Data and documentation recovery strategies
– RPO, RTO
▪ Department recovery strategies
– Business Functions
▪ Telecommunication recovery strategies
– Voice and Data
Selecting Recovery Strategies
▪ Cost Benefit Analysis

Site            Cost         Hardware Equipment   Telecom          Setup Time   Location
HOT Site        Med / High   Full                 Full             Short        Fixed
WARM Site       Med          Partial              Partial / Full   Med          Fixed
COLD Site       Low          None                 None             Long         Fixed
MIRRORED Site   High         Full                 Full             None         Fixed
Mobile Site     High         Dependent            Dependent        Dependent    Variable
GCE Global Operations
Corporate Headquarters, Houston: Corporate, Upstream, Downstream, Real Estate, IT; ~4K employees
Division Headquarters, Lockport, LA: Upstream, Real Estate, IT; ~1K employees
European Headquarters, Brussels: Upstream, IT; ~200 employees
Asia Pacific Headquarters, Kuala Lumpur: Upstream, IT; ~150 employees
GCE Gulf Coast Operations
▪ As Is
GCE Corporate IT Group (as-is)
[Network diagram, as-is. Labels: Support/Op. Personnel Office; Developers & PM Office; Remote Office; Developer Datacenter; Operations/Support Datacenter; Oil Platforms; File, Database Server, Application Server, E-Comm., Email, DB; LAN, Router, FRAD, Firewall; Fax, Phone.]
GCE Gulf Coast Operations
▪ Redundancy
– On-Shore
– Off-Shore
GCE Gulf Coast Operations
▪ Critical Data
[Network diagram with recovery sites. Labels: Support/Op. Personnel Office; Developers & PM Office; Remote Office; Developer Datacenter; Operations/Support Datacenter; Oil Platforms; File, Database Server, Application Server, E-Comm., Email, DB; LAN, Router, FRAD, Firewall; Fax, Phone; Satellite; Support/Op. Personnel HOTSITE; Developers & PM Office COLDSITE; MIRRORED Developer Datacenter; MIRRORED Operations/Support Datacenter.]
Selecting Recovery Strategies
▪ Data, Time, and Criticality
– Huge Data Quantity
– Low Business Criticality
– RTO → Delayed
Selecting Recovery Strategies
▪ Data, Time, and Criticality
– Small Data Quantity
– High Business Criticality
– RTO → Immediate
Steps for a Disaster Recovery Plan
▪ Identifying recovery strategies
▪ Selecting recovery strategies
▪ Draft Creation of disaster recovery plan
– Reviews and discussion sessions
– Finalize and Sign-off
▪ Testing the disaster recovery plan
– Initial Test
– Subsequent annual tests
Project Cost Estimates
▪ GCE losses estimated to be $1 Million a day without a comprehensive disaster recovery plan.
▪ Total Project Cost: $3.1 Million
– .51% of GCE 2005 Income of $600M
– .03% of GCE 2005 Revenue of $10B
– Costs based on work completed through DR implementation for Critical systems (June 1, 2007)