Presentation given to Continuity Forum for BCAW 2009

1. 23 March 2009 Rejuvenating BCM - Infrastructure Total of 5 pages Business Continuity Awareness Week 23 – 27 March 2009 Brigitte Theuma MBCI, CBCMMA, CBCMP, CBCITP, MIAEM

5. b. Risk Heat Map Key Adequate mitigation in place Semi-adequate mitigation in place Inadequate mitigation in place IT Security Data Centre Outage Supply Chain Customer Billing Financial Systems Customer Data India Call Centre Failure of IT Outsource Extremely Remote 1 * 10-100 years Remote 1 * 2-10 years Possible in Short to Medium Term 1 * 6-24 months Likely in Short Term 1 * 0-6 months Business Risks - IT Critical Significant Minimal Impact Likelihood

6. c. Business Criticality Heat Map Key Disaster Recovery in place RTO 24 hours Backup and restore procedures in place. RTO 36 hours No plan RTO unknown Data Centre Payroll Customer Billing Financial Systems Customer Data India Call Centre Telecoms & LAN Tactical Strategic Critical Mandatory Criticality of Systems vs. Availability Continuous Availability Disaster Recovery Backup & Restore Architecture Criticality email Internet Presence Online Ordering SRM Despatch Document Registry

10. FY2011 FY2012 FY2015 FY2014 FY2013 FY2010 FY2009 Strategy 3 Critical Assets Strategy 1 DR Enablers Strategy 2 Projects & Lifecycle Data Centre Infrastructure c. Multi Year Infrastructure Disaster Recovery Roadmap SLA DR Policy Continuous Improvement via Self Funding DR Paradigm Project 6 DR Strategy DR Enabler Initiative 3 DR Enabler Initiative 4 Project 1 Project 2 Project 3 IT Lifecycle Project 5 Project 7 BIA & RA Multi Year DR Project for Top 5 Critical Assets Multi Year Project Critical Assets 2 Project 4 Multi Year Project 3

11. d. Business Continuity Maturity BCMM© Virtual Corporation

14. b. Glossary of Terms Source: BS 25777:2008 Business Continuity Strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level. BCM Business Continuity Management BC Strategy Approach by an organisation that will ensure its recovery and continuity in the face of a disaster or other major incident or business disruption. Disruption Event, whether anticipated or unanticipated which causes an unplanned, negative deviation from the expected delivery of products and services according to the organisations objectives. ICT Continuity Capability of the organisation to plan for and respond to incidents and disruptions in order to continue ICT services at an acceptable predefined level. ICT Disaster Recovery Activities and programmes that are invoked in response to a disruption and are intended to restore an organisation’s ICT services. Impact Evaluated consequence of a particular outcome. Incident Situation that might be, or could lead to, a business disruption, loss, emergency or crisis. RPO Recovery Point Objective. Point in time to which data has to be recovered in order to resume ICT services. RTO Recovery Time Objective. Target time set for resumption of product, service or activity delivery after an incident. Resilience Ability of an ICT system to provide and maintain an acceptable level of service in the face of various disruptions and challenges to normal operation. Risk Something that might happen and its effect on the achievement of objectives. Testing Forced failure of all or part of an ICT system, under specific conditions, to verify that recovery is properly performed. Vulnerability Weakness within the ICT asset or activity that might, at some point, be exploited by threats.