Train By Tweet

Follow this course on Twitter

Presentation Context

The concepts presented here apply to the following real world scenario:

• Large commercial data center operator
• Hundreds of frames
• Thousands of operating system instances
• Moderate turnover rate of administration personnel
• Moderate turnover rate of client systems
• Regulated and audited environments
• Data center automation is key to profitability

Overview

Business Continuity is:

• a methodology and mentality of conducting day-to-day business.
• practiced by every member of an organization in the execution of every task they conduct every day.
• an executive management responsibility, not IT.
• NOT equivalent to Disaster Recovery.
• is championed, supported, and strictly enforced by executive management.

The Problem

• Personnel resource utilization to maximize productivity.
• What the ???
• How to best utilize personnel to reduce overall costs.
• Personnel turnover and loss of knowledge base.
• Regulatory Compliance
• Audit Compliance
• Information availability and integrity
• Recoverability of business functions
• Customer confidence

The Solution

With the committed support of executive management, implement an enterprise wide initiative that converts existing business functions into a business continuity environment.

What are the components of Business Continuity?

Orienting an organization around a business continuity mentality and methodology is much like building a house and consists of the following components:

• Foundation
• Provides a basis upon which to build
• Pillars
• Evenly distributes the weight of the structure upon the foundation
• Walls
• For storage, security, segmentation, privacy, and public areas
• Roof
• Protects the underlying structure from the elements.

The Foundation of Business Continuity

In our construction analogy, the foundation consists of the following:

• Policies
• those things mandated by management of an organization that will always be performed according to a preset design plan, and supporting all business functions within an organization.
• Guidelines
• those things which are recommended to be performed according to a preset design plan. However depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementations.
• Standards
• consists of the technical specifications for the implementation of all business functions, and are derived from the Policies and Guidelines.
• Procedures
• the step-by-step instructions for the implementation of organizational Standards as applied to any business function.

The Pillars of Business Continuity

• Resource Planning
• Human Resources
• Facilities Management
• Communications
• Finance
• Sales and Marketing
• Management
• Organizational Structure
• Training
• Skills inventory
• Critical skill redundancy
• Management commitment
• Long term vision and goals
• Willingness to delegate compliance authority
• Authority to require and enforce BC compliance at all organizational levels

The Walls of Business Continuity

• Business Function Scope
• Who? What? When? Where? How?
• Business Impact Analysis
• Complete Business Function Inventory
• Determination of Critical Business Functions
• Determination of RTO and RPO for each business function
• Service Level Agreements
• SLA to be created for every business function including production, test, development, and quality assurance.
• Enterprise Level Disaster Recovery Plan
• A disaster recovery plan must be derived from an enterprise level down, not from a software application level up.
• The same is true for a business continuity plan, this must be at the beginning of project planning, not the end.

The Roof of Business Continuity

• Executive Management Champion of Business Continuity
• Resolves to a individual or title such as CIO or CEO
• Enforces BC compliance at all organization levels
• Final word rests here, ties go to BC compliance
• Comprehensive Business Continuity Plan
• Includes all departments, divisions, and locations.
• Can be implemented in multiple parts
• Each part must support comprehensive BC view
• Business Continuity is the rule
• Deviation requires executive management approval and budget adjustments to compensate effected departments.
• Participation and compliance by all personnel is required
• this includes sales and marketing!

Where is the IT Department in this?

• Notice the IT department has not been mentioned anywhere thus far!
• Why?
• Business Continuity is an executive management responsibility, NOT IT!
• Everything that has been discuss so far is the responsibility of executive management and is concerned with making business decisions. For example, the IT department MUST NOT be making the following management decisions:
• Which business functions are critical?
• How long can a business function be off-line?
• How much data can be lost without adversely effecting the business?
• What commitments will be promised to customers by our Service Level Agreement contracts?
• What business functions will be eliminated if a catastrophic event occurs
• What jobs will be eliminated if a catastrophic event occurs?
• ...

What does management commitment mean?

When anyone (including management and sales) submits a project to be implemented to the IT department:

• The implementation team has the authority and managements backing to reject the request, if business continuity principles cannot or will not be preserved.
• When the sales person or division manager goes over the head of the IT department, executive management is committed to preserving the established business continuity principles.
• When the division manager insists this project must be implemented immediately, and that business continuity principles will have to be retrofitted in later, executive management is committed to a charge back on the project to the division manager of 5 times the cost of a business continuity compatible deployment.
• The additional charge back revenue is added to the IT department budget to accommodate the non-standard project and to cover the cost of retrofitting at a later date.

Can we do this?

Business Continuity is an enterprise wide mentality and methodology of conducting day-to-day business:

• Executive management must be committed to enforcing this policy, if not, do not even start a business continuity initiative. Without this level of management commitment, a BC initiative will fail, and will only cost the organization time and money. See Chart.

Summary

Business Continuity Requires:

• Management commitment
• Enterprise wide participation
• Establishment and strict adherence to standards
• Delegation of authority to enforce compliance

Business Continuity is a waste of time, energy and money:

• Without managements commitment to it's success.
• If the implementers are not confident about their authority to reject non-compliant work.
• If the implementers are afraid of confrontation.
• If the executive management champion is afraid of confrontation.