1. Optimizing the IT and Business Environment through Dashboards
bronackt@dcag.com / (917) 673-6992
Executive Presentation
on
Systems Development Life Cycle and
Application Recovery Certification
Management Dashboards
Created by:
Thomas Bronack, CBCP
Phone: (917) 673-6992
Email: bronackt@dcag.com
Web Site: www.dcag.com
Created by: Thomas Bronack ©
Page: 1
Date: 1/15/2014
2. Enterprise Resiliency and Corporate Certification
Insurance Needs
and Claims
Enterprise
Resiliency
Security, Salvage,
Restoration
Emergency Operation
Center (EOC)
Business
Continuity
Management
Emergency
Management
Enterprise Resiliency combines all recovery
operations into one discipline using a common
language and tool set.
Corporate Certification guarantees that the
company complies with all laws in the
countries in which it does business.
Workplace
Safety & Violence
Prevention
Risk & Crisis
Management
Physical and Data
Security
Processing Sites and
Supply Chain Management
Corporate Certification
Business Locations, IT Sites, and
Supply Chain Management
Domestic
Compliance
International
Compliance
Primary
Site
Supply
Chain
Secondary
Site
3. Enterprise Resiliency must be built upon a Solid Foundation
House of Enterprise Resilience
Best Practices consist of:
· COSO / CobIT / ITIL;
· ISO 27000; and
· FFIEC, etc.
Enterprise Resiliency consists of:
· Emergency Management;
· Business Continuity Management;
· Workplace Violence Prevention;
· Workflow Management;
· Functional Responsibilities;
· Job Descriptions; and
· Standards and Procedures.
Workplace Violence Prevention
· Threats;
· Predators;
· Violent Events; and
· Employee Assistance Programs.
Physical Security and Access Controls
Foundation consists of:
· Enterprise Resiliency;
· Risks and Compliance issues;
· Corporate Certification Guidelines;
· Best Practices;
· Available Tools; and
· Certification Firm.
Corporate Certification consists of:
· BS 25999 / ISO 22301;
· Private Sector Preparedness Act;
· CERT Enterprise RMM Framework; and
· NFPA 1600.
Global Standards include:
· ISO 22300 – Global Standard;
· NYSE 446;
· SS 540 (Singapore);
· ANZ 5050 (Australia);
· BC Guidelines (Japan); and more.
4. Executive Dashboard
Executive
Dashboard
Infrastructure
Dashboard
Operations
Dashboard
Recovery
Dashboard
Asset Management
Vital Records,
Access Control
Disaster Planning
Production
Process
DR Certification
Development
Verify Success and
Performance
Audit Compliance
Maintenance
Deliver Results
Disaster
Declaration
Test, QA, Accept
Status Reporting
Disaster Recovery
5. Executive
Management Dashboards Relationships
Steering Committee
Management
EOC, CCC, & DR
Teams
Status
Reporting
DR Planning and Activation
Dashboard
Executive Management Dashboard
on DR Planning and Activation
Application Recovery
Certification Dashboard
Recovery Plans
Training Materials
Articles
Library
Management
Standards and
Procedures
Business Location Recovery
Dashboard
Recovery
Planning (7
Phases, each
with 13 Steps)
Statement of
Work (SOW)
Business /
Project Plan
Recovery Site
Preparation
Application
Selection
Procedures
Business
Recovery Site
Workplace
Safety and
Violence
Prevention
Risk Analysis
and Insurance
Profile
Dedicated
BCM
Organization
Actual DR
Test, or
Activation
VMware,
vSphere,
vConnect, and
RPA
Building
Evacuation Plan
OSHA, OEM,
FEMA & Building
Codes
Audit, Legal,
and
Compliance
Requirements
Long-Term
Management
Commitment
Post Mortem
Meeting
Failover /
Failback for
HA
Applications
Business
Recovery &
Resumption Plan
First Responders
and Government
Agencies
SDLA, Integration,
and Version &
Release
Management
Flip / Flop for
CA
Applications
Site Protection,
Salvage, &
Restoration
6. Tracking Active Disaster Recovery Event – Drill Down Actions
“Top Level”
Phase VI - Initiate Recovery Plan when Disaster Event Occurs
Help Desk Identifies Disaster Event or a Disaster Event is reported to Help Desk
Help Desk Notifies Contingency Recovery Plan Coordinator
Contingency Coordinator Declares Disaster and Initiates Plan
Failing Site Protection, Salvage, and Restoration is Initiated
Disaster Site is Evacuated, as needed
Recovery Operations are Initiated and Conducted for Life of Disaster
Team is Called and Recovery Tasks Performed
Recovery Personnel are Transferred to Recovery Site
Failing Site is Salvaged and Restored
Personnel Return to Original Site and Resume Production
Recovery Steps are added to Testing Process and Periodically Repeated
Post Mortem is Conducted and Improvements Identified
Improvements are Incorporated in Future Recovery Plans
“Sub Level”
“Activity Level”
“Action Item
Level”
DR Planning Action Items
Number: Status:
Action Item Description:
Priority:
Assigned to:
Due Date:
Actions Taken:
Comments:
“Management &
Control Level”
Contingency
Command
Center (CCC)
Emergency
Operations
Center (EOC)
7. Systems Development Life Cycle
• Work Order Submitted by Client
– User Information provided to Development Group.
• Development Performed
– Business and Technical Reviews, Buy / Build Decision, Development Completed and Documented.
• Testing Performed
– Create Testing Environment (real or virtual), Test scripts and test scenarios, Successful (document, pass onto QA), if not (repair and retest until successful).
• Quality Assurance
– Verify all required data and documentation is provided, Version and Release Management, Create Turnover package and submit to Production Acceptance.
• Production Acceptance
– Library Management (Global Applications Catalog), Vital Records Management, Access Controls, Documentation review and verification, Acceptance Testing.
• Production Operations
– Setup, Process, Verify Results, Deliver Output, perform Capacity and Performance reviews, generate management reports.
• Support
– Documentation (Messages and Controls, Job Run Books, Manuals, etc.), Problem / Incident Management; Resolutions (Root Cause Analysis, Repair, and Documentation), Change Request.
• Maintenance
– Problem Resolution Implementation, Enhancements, New Technology or upgrades, Equipment Refreshment, Update Global Applications Catalog.
9. SDLC Steps to Production
11. Systems Management Organization
IT & Business
Environments
Systems Management
and Controls (SMC)
Resource Management
Service Level
Management
Asset &
Inventory
Management
Configuration
Management
Support
Management
Application
Development
(SDLC)
Production
Acceptance
Business
Contingency
Management
Change
Management
Application
Maintenance
Production
Operations
Security
Management
Problem
Management
Capacity
Management
Application
Testing
Performance
Management
Quality
Assurance
Recovery Management
Systems Development
Life Cycle (SDLC)
Network
Management
Business
Recovery
(IT, Data, Physical)
Vital Records
Management
Risk
Management
Incident
Management
Disaster
Management
12. Job Documentation Requirements and Forms Automation
New Product / Service Development Request Form Life Cycle
Documents are Linked to from Date Field
Development Request Form
Phase:
Date
User Information
_____________
Technical Justification
_____________
Build or Buy
_____________
Development (Build / Modify)
_____________
Test:
_____________
Documentation
_____________
Business Justification
Development:
Unit Testing
Documentation
_____________
Regression Testing
_____________
Quality Assurance
_____________
Production
_____________
Support (Problem / Change)
_____________
Maintenance (Fix, Enhancement)
_____________
Documentation
_____________
Recovery
_____________
Awareness and Training
_____________
Documentation
Data Sensitivity & Access Controls
IT Security Management System
Encryption
Vital Records Management
Data Synchronization
Backup and Recovery
Vaulting (Local / Remote)
Disaster Recovery
Business Recovery
Application Owner
Documentation & Training
Application Support Personnel
End User Coordinators
Vendors and Suppliers
Recovery Coordinators
Testing Results
Production Acceptance
Documentation
Main Documentation Menu
Quality Assurance:
_____________
Production Acceptance
Development Request Form Number
Business Need
Application Overview
Audience (Functions and Job Descriptions)
Business / Technical Review Data
Cost Justification
Build or Buy Decision
Interfaces (Predecessor / Successor)
Request Approval
Testing:
_____________
System Testing
Link to
Documents
Application Setup
Input / Process / Output
Messages and Codes
Circumventions and Recovery
Recovery Site Information
Travel Instructions
Sub-Documentation Menus
13. Information Accounting and Charge-Back System Concept
By utilizing Work Order (WO) and Purchase Order (PO) concepts, it is possible to track and bill clients for
their use of Information Technology services associated with development and maintenance services. This
concept is presented below:
User Name: ____________________
User Division: ___________
User Identifier: _______
Work Order #: __________________
Date: ___________
For: _________________________
Purchase Order Phases:
PO for: Development, or Maintenance
Cost: $ _____________
PO for: Testing
Cost: $ _____________
PO for: Quality Assurance
Cost: $ _____________
PO for: Production Acceptance
Cost: $ _____________
PO for: Production (on-going)
Cost: $ _____________
PO for: Vital Records Management
Cost: $ _____________
PO for: Asset Management (Acquisition, Redeployment, Termination)
Cost: $ _____________
PO for: Inventory and Configuration Management
Cost: $ _____________
PO for: Information and Security Management
Cost: $ _____________
PO for: Safe Workplace Violence Prevention
Cost: $ _____________
PO for: Recovery Management
Cost: $ _____________
PO for: Documentation and Training
Cost: $ _____________
PO for: Support and Problem Management
Cost: $ _____________
PO for: Change Management
Cost: $ _____________
PO for: Version and Release Management
Cost: $ _____________
Total Cost: $ _____________
A bill can be generated via Forms Management, Time Accounting, or Flat Cost for Services. This system can be used to
predict costs for future projects and help control expenses and personnel time management.
14. Application Recovery Certification
• Select Application to be Certified
– From Global Application Catalog by: Region, Tier; Criticality, Compliance, and Last Time Certified;
– Recertify applications that have gone through a maintenance upgrade;
– Based on Growth or New Technology.
• Develop Application Profile to Update Global Application Catalog
– New Resources, new SME names, New Management Names;
– New Application Recovery Certification dates, and New Compliance Requirements.
• Update Application Inventory Record
– Capacity and Performance Requirements, Tier Change, Updated Recertification date.
• Create Application DR Exercise / Activation Exercise Booklet
– Contains Recovery Preparation, Set-up, processing, and Post Mortem phases of Application Recovery Certification.
• Complete Infrastructure Readiness Records
– Provide Form to Recovery Team so they can ensure the Recovery Site can support Production requirements, and update data synchronization to best meet the Recovery Point Objective (when snapshots are taken) and Recovery Time Objective (time needed to restore data to the point of failure so that production processing can resume).
• Complete Pre-Test / Activation Staging form
– Used to provide Site Replication and Data Synchronization for Testing Application Recovery Certification (CA, HA, Best Effort).
• Complete Actual-Test / Activation Work Activities Form
– Steps to be followed by Application Recovery Team.
• Complete Post-Test Activities Form
– Contains: Actual Times for Recovery and compares them to Estimated Times projected, Encountered Errors, and Comments.
• Conduct a Post Mortem Meeting
– A Management Report and Presentation is provided to meeting attendees and is used to review the Recovery Test / Activation;
– Obtain recommendations for improvement, then select recommendations for implementation;
– Implement selected improvements and retest recovery procedure to measure improvements;
– Update Recovery Procedures and train personnel on new process.
15. Application Recovery Certification Flow
The Road to Successful Recovery Certification
Ready for
Testing
Test
Gaps & Exceptions
Success
Failure
Obstacles & Impediments
Recovery Plans and
Personnel Procedures
need improvement
CA Gold
Standard
Mediate
Mitigate
Compliance to
Country Laws and
Regulations
HA Recovery
Certification
Infrastructure &
Suppliers capable of
supporting needs
Hardware capable of
supporting workload
processing
Software capable of
supporting workload
processing
Testing Failure Loop, until Successful Recovery Certification
Ready for
Re-Testing
Problem
Repaired
16. Reporting on Recovery Certification
Company Operations
Technical Services
Executive Management
Compliance Reporting
Chief Executive
Officer (CEO)
Application
Certification
Operations
Recovery Manager
Operations
Recovery Manager
- Extract Information,
- Risk Assessment (RA),
- Business Impact Analysis (BIA),
- Define HA / CA Services,
- Identify Gaps and Exceptions,
- Define Obstacles that impede
recovery,
- Generate a Loss / Prevention
Report,
- Submit Report to Management.
Technical
Recovery Manager
- Review / Combine Information,
- Review Operations Reports,
- Data Security & Vital Records,
- Access Controls,
- Library Management,
- Production Acceptance,
- Version and Release Management,
- Define HA / CA Services,
- Application Recovery Certification,
- Business Continuity,
- Disaster Recovery,
- Emergency Management,
- Awareness, Training, and Testing,
- Create all required documentation,
- Standards and Procedures.
Chief Financial
Officer (CFO)
- Validate Information,
- Establish Reporting Criteria,
- Gather data and report,
- Review Reports,
- Attest to their accuracy,
- Submit Reports.
Business
Recovery
Plans
Disaster
Recovery
Plans
- Report Information,
- Submitted Quarterly,
- Attested to Annually,
- Reviewed by SEC and
other agencies to ensure
compliance.
The Recovery Management and Corporate Certification process includes office Recovery Managers and Technical Recovery
Managers who gather information, compile global data into Recovery Plans, and then generate a Management Report that can
be used to “Attest” to compliance with the recovery requirements and regulations needed for the company to be certified.
17. Personnel Productivity and Training
(Responsible for assigning work tasks to the right person at every project phase, while
ensuring that skill requirements are met and the highest possible quality is achieved)
18. Personnel and Work Flow Management
19. Data Synchronization and Recovery Operations using Cloud Based Hosting
Real Time Data Replication
Synchronized Recovery Data
Router
Local
Users
Recovery
Site
Hosting
Cloud
Internet
Firewall
Primary
Servers
Firewall
Remote Users
Replicated
Servers
Users are normally connected to the Primary Site, while data is synchronized in real time with the Cloud Hosting site. When
a disaster event occurs, users can access the replication site without interruption or loss of data.
20. Overview of the Enterprise Information Technology Environment
Physically Transported
Using Tape
Only Encryption
· Customers;
· Credit Bureaus;
· Feed-Files; and,
· Other Locations.
Physical /
Cloud
Remote
Tape / Data
Vault
Physical
/ Virtual
Remote
Locations
· Electronic Vaulting;
· Incremental Vaulting; and,
· Electronic transmission to Disaster Recovery Site
Disaster
Recovery Site
Encrypting Data-In-Movement will protect
data being transmitted to
remote sites
Electronic
Transmission
Local
Tape / Data
Vault
Local
Tape / Data
Vault
Electronic
Transmission
Open Network
With
Multiple Access Points
Local
Sites
Encryption of “Data at Rest”
to Provide Total Protection
Local
Sites
Production
Site #2
Production
Site #1
IT Locations
End User
“Work Order”
to create a new
Product or
Service
Cloud
Computing
Company
Data
Systems Development Life Cycle (SDLC)
New
Applications
Business Locations
Development
Send Approved
Applications
To Production
Acceptance
Testing and
Quality
Assurance
Problem Resolution
And
Enhancements
Maintenance
Development And Maintenance Environments
21. Migration Pathway and Goals
(Can apply to Site Consolidations or Recovery Site migrations)
Applications are identified, evaluated, rated, scheduled, and moved from originating site to target site
Migration Path
Originating
Site
• Originating
data center(s)
Decommission
Originating
Site
Applications
Migration
Schedule
Applications
Tier 1 – Tier n
• Rate Applications for
Movement by Tier / Group
• RTO Support Artifacts
• Infrastructure Needs
• Resource Needs
• Gap & Exceptions
• Obstacles
• Mitigate / Mediate
• Validate Ability to Move
• Validate Target Site Ability
to Accept / Support
Y
N
Movement
Target Site
Movement
Testing
Quality Assurance
Production Acceptance
Production
Vital Records
Access Controls
Recovery Planning
Acceptance
Turnover
• Target
data
center(s)
Complete
?
22. Asset Management Disciplines
Can be sorted by: Equipment Type, Disposition, Date, or Location
“Dispose of Surplus equipment after Migration to
Target Data Center(s) to reap profit from sales,
return of equipment storage space, and personnel.”
Start
Pick-Up List
Equip. Type:
PC
PC
PC
Disp:
A
R
T
Location:
Bldg 3, Rm 203
Bldg 1, Rm 405
Bldg 2, Rm 501
Disposition = ‘A’
Acquire
Equipment
Purchase
Order
Install
Equipment
Add to
Master Inventory
Master
Inventory
Equipment is being Actively used
N, Exceptions List Generated
Disposition = ‘R’
Re-deploy
Equipment
Work
Order
Equipment is moved to new location
Disposition = ‘T’
Terminate
Equipment
Work
Order
Compare to
Master Inventory
Pick-Up
Inventory
Service
Order
Perform
Services
Ready-to-Sell
Inventory
Equipment is Sold or Disposed of
End
Y
Warehouse
Inventory
Service
Order
Purchase
Release
Order
Form
Marketing & Sales
Finance
Form
Complete Asset Life Cycle from Acquisition
through Re-Deployment and Termination
Archive
23. Inventory Management Environment
Client
Request
Purchase
Order
Acquire
Asset (*1)
Add to
Inventory
Inventory
Data Base
All Assets
Client
Invoice
Work
Order
Install
Asset (*2)
Add to
Configuration
Work
Order
Redeploy
Asset (*3)
Update
Configuration
Work
Order
Terminate
Asset (*4)
Update Asset &
Configuration
Assets,
by Site
Configuration
Data Base
*1 – Purchased Equipment as per guidelines (Leased, Owned, Rented, Type, and Vendor).
*2 – Infrastructure Group schedules and installs Asset.
*3 – Assets are moved from one location to another or reassigned to staff with work performed by the Infrastructure Group.
*4 – Assets are terminated and data erased in accordance with DoD data erasure standards, then equipment is disposed of or donated in accordance with
EPA guidelines and requirements.
24. Incident / Emergency Management Operations Environment
Relationship between EMG and EOG during an emergency
Emergency Management Group (EMG)
Emergency Operations Group (EOG)
Facility Manager
Emergency Director
Human Resources
Coordinator
Security Coordinator
Environmental
Coordinator
Safety and Health
Coordinator
Public Relations
Coordinator
Affected Area / Unit
Manager / Supervisor
Planning & Logistics
Coordinator
Incident Manager
Maintenance
Coordinator
Safety Officers
Operations Officers
Emergency Medical
Technicians Team
Fire / Hazmat
Fire Brigade
Central / Corporate Incident Management
· Provide specific support activities for disaster events;
· Coordinate information with Personnel, Customers, and Suppliers; and
· Optimize Recovery Operations and Minimize Business Interruptions.
Local Incident Management
· Evacuate site if necessary;
· Assess Damage and report to Emergency Director;
· Provide First Aid to personnel;
· Coordinate activities with First Responders and follow their lead;
· Initiate Salvage procedures;
· Perform site restoration and coordinate return to site; and
· Recommend improvements going forward.
25. Problem Management and Circumvention Techniques
26. Fully Integrated Recovery Operations and Disciplines (Physical End Goal)
Private Sector
Preparedness Act
(Domestic
Standard)
CERT Resiliency
Engineering
Framework
BS 25999 / ISO
22301
(International
Standard)
National Fire
Prevention
Association
Standard 1600
OSHA,
DHS, OEM,
Workplace
Safety
Contingency
Command
Center
Incident
Command
Center
Corporate
Certification
Workplace
Violence Prevention
Lines of
Business
Locations
Information Security
Management System (ISMS)
based on ISO 27000
Emergency
Operations Center
(EOC)
Emergency
Response
Management
State and Local
Government
First Responders
(Fire, Police & EMT)
Employees
Suppliers
Department of
Homeland Security
(DHS)
Command
Centers
Help
Desk
Operations
Command
Center
Network
Command
Center
Business Continuity
Management
Risk
Management
Disaster and
Business
Recovery
Business
Integration
Service Level
Agreements and
Reporting
Systems
Development
Life Cycle
COSO / CobIT /
ITIL / FFIEC
Workplace
Violence
Prevention
ISO2700
Security
Standards
Customers
Office of Emergency
Management
(OEM)
Crisis
Management
Six Sigma /
Standards and
Procedures
A fully integrated recovery organization will include the components shown in this picture.
Corporate Certification is achieved by complying with the laws and regulations that provide the domestic and international guidelines enterprises must adhere to before they can do business in a country.
Workplace Violence Prevention and Information Security are achieved by implementing the latest guidelines for protecting personnel and data.
Internal command centers responsible for monitoring operations, network, help desk, and the contingency command center will provide vital information to the Emergency Operations Center staff.
Organizational departments, locations, and functions are identified and connected to the EOC so that communications and coordination can be achieved in the most accurate and speedy manner.
Using this structure will help organizations better collect recovery information and develop recovery operations to lessen business interruptions and protect the company’s reputation.
27. Responding to Disaster Events
Security must be maintained at all times by cooperating with First Responders during a disaster event.
Disaster Event
Disaster
Event
First
Responders
Declare
Disaster
Site Salvage
Site Restoration
Activate Recovery Plan and
go to secondary site
Process at
Secondary Site
Return
to Site
Resume
Operations
Return
to Site
Coordinating recovery operations with the First Responders, Security, Salvage, and
Restoration is a critical factor in recovery planning and should be included in all recovery
planning procedures.
Additional considerations include Insurance and Claim Processing, media
communications, and coordination with government organizations and companies near
your facility that may be affected by the disaster event.
Being a good neighbor is important to protect your reputation and show good will.
28. Types of Recovery Plans and their Sections
Recovery Plan Sections:
• Coordinator Leads Operation;
• Validate & Accept Assignment;
• Declaration & Notification;
• Initiate Call Tree;
• Formulate Recovery Teams;
• Activate Recovery Plans;
• Monitor and Track Recovery Tasks and Status;
• Report;
• Complete Recovery Operations;
• Process at Secondary Site;
• Coordinate Primary Site Protection, Salvage, and Recovery;
• Return to Primary Site;
• Resume Processing at Primary Site;
• De-Activate Secondary Site; and
• Perform Post-Mortem and make needed corrections.
Contingency
Command
Center
Security
Salvage
Restoration
Incident Recovery Plan
Disaster Recovery Plan
Business Recovery Plan
Application Recovery Plan
Supplier Recovery Plan
Primary Site Recovery Plan:
• Protection,
• Salvage and Restoration,
• Process Resumption.
Alternate Site Recovery Plan:
• Travel and Activate Start-Up,
• Assume Production,
• Return to Primary Site,
• De-Activate.
29. Activating and Coordinating Disaster Recovery Plans
Site Protection, Salvage, & Restoration
Problems &
Incidents
Network
Problems
Production
Operations
Problems
NCC
Major
Incidents &
Problems
Notified by Help Desk of Recovery Need:
• Verify Problem and Match to Recovery Plan;
• Notify Contingency Plan Coordinator;
• Activate Plan and Perform Tasks;
• Operate at Contingency Site;
• Coordinate Production Site Protection, Salvage and Restoration;
• Return to Production Site; and,
• Continue Production Operations.
ICC
OCC
Coordinate
Recovery
Teams
Contingency
Command Center
Problem
Library
Help Desk
Recovery
Library
Emergency
Operations Center
Level
1
Level
2
Level
3
Level
“D”
Local
HD
Repair
Local
SME
Repair
Vendor
Repair
Select
Recovery
Plan
Coordinate
Company
Operations
Communicate Recovery Operations with:
• Executive Management;
• Lines of Business, Personnel, Clients,
Vendors, Supply Chain, and Workplaces;
• Command Centers;
• First Responders and Community Agencies;
• Companies close-by and the News.
30. How to get started Implementing this Project
• Presentation to your management and technical staffs.
• Agree that you want to achieve Enterprise Resiliency
and Corporate Certification.
• Perform a Risk Assessment that will define your needs.
• Obtain management approval to initiate the project with
their strong support.
• Identify Stakeholders and Participants.
• Formulate teams and train them on the goals and objectives of this project.
• Create a detailed Project Plan and start teams working.
• Develop, Test, Implement “Proof of Concept”, and gain approval to go forward.
• “Rollout” Enterprise Resiliency and Corporate Certification to all locations.
• Fully document and Integrate within the everyday staff functions performed.
• Deliver Awareness and Training services.
• Provide Support and Maintenance services going forward.
31. Fully Integrated Resiliency Operations and Disciplines (Logical End Goal)
Contingency
Command
Center (CCC)
Incident
Command
Center (IC)
Command
Centers
Workplace
Violence
Prevention
Help Desk
(HD)
Emergency Operations
Center (EOC)
OSHA, OEM,
DHS
Emergency
Response
Management
Lines of
Business
• Locations,
• Employees,
• Infrastructure,
• Equipment,
• Systems,
• Applications,
• Services,
• Supplies,
• Customers,
• RTO, RPO, and RTC.
Office of the
Controller of
the Currency
National Fire
Prevention
Association
1600 Standard
Information Security
Management System (ISMS)
based on ISO27000
Corporate
Certification
ISO22313 and
ISO22318
(International
Standard)
CERT Resiliency
Engineering
Framework, ITIL
and COSO
Private Sector
Preparedness Act
(Domestic
Standard)
• State and Local Government,
• First Responders (Fire, Police, & EMT),
• Department of Homeland Security (DHS),
• Office of Emergency Management (OEM),
• Local Community.
Operations
Command
Center (OCC)
Business
Continuity
Management
• Risk Management (COSO),
• Disaster Recovery,
• Business Continuity,
• Crisis Management,
• Emergency Management,
• Workplace Violence Prevention,
• Failover / Failback,
• Protection, Salvage & Restoration.
Network
Command
Center (NCC)
Business
Integration
• Service Level Agreements (SLA) & Reporting (SLR),
• Systems Development Life Cycle (SDLC),
• CobIT, ITIL, and FFIEC,
• ISO Guidelines,
• Audit and Human Resources,
• Six Sigma or Equivalent for Performance and Workflow Management
32. How Dashboards Help
• Improved efficiency by providing instant access to current and accurate information
from any authorized terminal or personal computer;
• Less time spent reviewing out-of-date or inaccurate information;
• Improved time frame for completing projects;
• Reduced costs associated with implementing projects;
• Better protection to the company reputation;
• More highly trained staff with an improved morale;
• Easier to retain and recruit clients;
• Adherence to the laws and regulations where the company conducts business; and,
• Less stress and better performance helps everyone do their job better.
33. Conclusions
• Enterprise Resiliency and Corporate Certification will build an efficient, safeguarded, and compliant environment that best supports continued business operations and the company reputation.
• Many people are involved with planning, implementation, support, and maintenance, so awareness is high and training can be easily achieved.
• A well trained and loyal staff will best support retention and recruitment of personnel and clients, while supporting future growth and an industry reputation as an excellent company.
• SLA / SLR and Client Contract management will be more easily achieved, thereby producing a happier client and support for future growth through accomplishments and references.
• Use of “Best Practices” will better guarantee success, while protecting management’s decision to implement a state-of-the-art production, compliant, and recoverable environment.
• Use of the latest Data Management technology will support recovery time requirements, while allowing for off-line testing of maintenance and recovery operations.
• Integration of Systems Management, Workflow Management, and a Charge-Back System will provide monitoring and control over costs, while developing a repository of accomplished work that can be referenced when planning similar projects.
• Integration of the Emergency Operations Center (EOC) with Command Centers, Lines of Business, and Recovery Operations will enhance the information provided to Executive Management and allow them to better communicate with clients and assist with expediting resumption of business operations.