BCP vs. DRP
Ed Waldschmidt
ewaldschmidt@brotherhoodmutual.com
260-481-5361
October 9,2012
Agenda
What is BCP?
Does BCP have anything to do with
DRP?
Who should manage these functions?
Lessons learned in Katrina.
Can a Katrina type disaster happen
here?
What is BCP.
• BCP stands for Business Continuity Planning
• With BCP, one plans for what happens in a
disaster type scenario.
• Does a disaster type scenario always impact
the computer
• How do I keep the doors open and the lights
on?
What is BCP- cont.
• What would one do if the computer is running
fine, but the office is impacted?
• What are your critical functions? Not
necessarily IT related.
• Can and are these functions manual?
• Speaking of manual, are your processes
documented?
• Can you piece together your business?
Does BCP have anything to do
with DRP
• One word answer, maybe
• BCP deals with business functions and
impact analysis
• BCP should belong to the business side
• DRP belongs to IT and should be driven by
the business. This is definitely a new way of
thinking.
Does BCP have anything to do
with DRP
• One needs to get into the details of the
departments
• In BCP, the user departments learn RTO
(recovery time objective) and RPO (recovery
point objective)
• The shocker to the point above is that they do
not mean the same.
This takes diligence
• Designing a BCP plan takes time.
• Aon was lucky during Katrina – only 13
employees in New Orleans
• What if Chicago? Ouch.
• How does your employees react in a crisis
situation?
BIA, BCP, DRP WHAT??
• What is in BIA? Business Impact Analysis.
• Determine critical functions of business not
applications
• On the critical functions of business determine what
is the impact if this function is not performed Day 1,
Day 2, Day 3 and so on.
• Determine the RPO and RTO of each function.
Recovery Point Objective and Recovery Time
Objective respectively
BIA,BCP,DRP WHAT (cont)
• Your BIA drives the rest of the plans. Make sure
you put time here.
• Next in plan building, create your Business
Continuity Plan from your BIA.
• The BCP will document the who, the what, and the
why of the recovery effort.
• After the BCP document is created, then this
document drives the DRP.
Considerations
Local disasters – only impact the local community
Regional disasters – Katrina impacted a 750
square mile area. 9/11 although local impacted
more regional. Eastern Seaboard.
National disasters - War or attacks
Considerations (cont)
• Employees who are impacted by disaster
really don’t care about work like they
did prior to the disaster.
• Be willing to work with less than full
staff and critical employees might be
impacted.
• Manual processes will be missed.
• Procedures will be out of date
• No time for micro managing.
Other issues
•
•
•
•
Phone lists will be out of date.
HR records are not kept up
Communication avenues may not work
Mail is one often overlooked problem, and
include in this next day deliveries.
• Local deliveries.
New Orleans Day 2
9/11 & Katrina thoughts
• At Aon during 9/11, the New York office had
to go through the phone book to see if they
recognized any clients names. This
happened because their plan was on the 102
floor of tower 1 burning up. No other copies.
• Katrina – New Orleans office could not
forward phones because call forwarding had
to be done at the office in the city which was
under water.
9/11 & Katrina thoughts (cont)
• Mail could not be forwarded because the
USPS was not ready for this type of disaster.
This includes overnights.
• Text message was the only communication is
available for the employees in the New
Orleans office. Set up a conference bridge.
• Make sure Senior Management leaves
impacted area.
• Have HR on board.
9/11 & Katrina thoughts (cont)
• Remember paper
• Plans need to be offsite
• Data recovery media not local. New Orleans
office used Iron Mountain in New Orleans and
this facility was under water.
• Travel restrictions.
• Can a Katrina type disaster happen in Fort
Wayne?