Business Continuity Planning and Digital Preservation

Business Continuity Planning and Digital Preservation Digital Resilience and Preservation Monday Date: 2012-05-21 John Lindström, PhD EMBA CISSP Lul...

Author: Roy Hensley

12 downloads 0 Views 542KB Size

Report

Download PDF

Recommend Documents

Business Continuity Management. 1.0 Chapter 1 Business Continuity Management, Business Continuity Planning And Disaster Recovery Planning

Business Continuity Planning

Introduction to Business Continuity Planning

The Business Continuity Planning Process

Business Continuity Planning September Risk Consultants

Business Continuity Planning Disaster Planning, Emergency Response & Crisis Management 101

Business Continuity and Disaster Recovery Planning MANAGING RISK. IMPROVING PERFORMANCE

Business Continuity Planning and Operational Risk Management for Central Banks

CONNECTING PRESERVATION PLANNING AND PLATO WITH DIGITAL REPOSITORY INTERFACES

Business Continuity

Climate Change and Business Continuity

ASSESSMENT PLANNING SELF BUSINESS CONTINUITY OXFORDSHIRE FIRE & RESCUE SERVICE

Recover or Fail? Business Continuity Planning for Technology Risks

Checklist of Strategies: Health Crisis Business Continuity Planning

Business Continuity Why a Business Continuity Professional? By DRI Canada

Asia-Pacific Economic Cooperation. Guidebook on SME Business Continuity Planning

Protecting E-Business by implementing Business Continuity and Disaster Recovery Planning in the Banking Industry

BUSINESS CONTINUITY MANAGEMENT PLAN

Business Continuity Strategy

BUSINESS CONTINUITY PLAN (TEMPLATE)

Business Continuity Guidebook

TREE PRESERVATION PLANNING

Business Continuity Management Strategy

Agenda Business Continuity Strategy

Business Continuity Planning and Digital Preservation

Digital Resilience and Preservation Monday Date: 2012-05-21

John Lindström, PhD EMBA CISSP Luleå University of Technology [email protected]

Agenda

» What is Business Continuity Planning (BCP)? » Relation in between BCP and Digital Preservation

» Discussion

What is BCP? What is a crisis? A crisis or crisis situation is e.g. a serious disruption of the critical processes not possible to solve with ordinary or reserve routines within ordinary operations. Other very serious events deemed to significantly hinder or disturb the operations may also be characterized as a crisis situation Crisis management is e.g. a ”systematic attempt by organizational members with external stakeholders to avert crises or to effectively manage those that do occur” (Pearson and Clair, 1998) Critical processes are e.g. the process that always must be operational/available och be able to restart within a specified amount of time (as the potential reserve routines are not able to uphold service level and quality over a longer period of time) Every organization ‐ make its own definitions…

Business plan

Business Continuity Plan

Strategic IT- and information management Strategic information security

What is BCP? E.g. the ability and preparedness to manage disruptions in an organization’s critical processes (…as well as other serious events) What is the purpose of BCP? To increase an organization’s ability and preparedness to manage problems and disruptions so that crisis situations rarely occur. Often, BCP does not only depend on the own organization – but involves other parties that also need to be prepared…

Starting at top management level VISION Objectives

Business Plan including Business Continuity Plan IT- and information security

Rules IT- and information security policies and values

Strategy

Laws and regulations Society Ethics ”Externals” …

Normal Present situation

[Lindström and Hägerfors, 2009]

Crisis

Education, practice and awareness IT- and information security training

How to organize? A simplistic business continuity process Situation assessment phase ‐ Assessment team

Emergency phase

Crisis management phase

‐

‐

Crisis manage‐ ment team

Crisis management team

Duration: short

Duration: short

Involved: few

Inblandade: few

Duration: as long as needed Involved: many

Recovery phase ‐ Crisis management team Duration: approx 5 times the crisis mgmt phase Involved: many

”A car accident” Start of crisis managament

Emergency phase

Crisis management phase

‐

‐

‐

Assessment phase

Crisis manage‐ ment team

Crisis management team

Recovery phase ‐ Crisis management team

How to organize? A more complete business continuity process

[Lindström, 2012]

Assessment Team Intelligence gathering phase

Situation assessment phase

Crisis Management team(s) + resources brought in on a need basis Crisis Æ Emergency phase Æ Crisis management phase Æ Recovery phase

No crisis Situation Incident Disaster recovery Disaster Recovery Team(s)

Incident response Incident Response Team(s)

[Lindström, 2012]

How to do this in practice? Climb the stairs (preferably upwards) [Lindström et al., 2010]

7. BCP maintenance process start-up 6. Implementation, tests, trainings 5. Development of a BCP and maintenance plan 4. Risk analysis/assessment … to risk mitigation planning 3. Analysis of critical resources in the critical processes .

.

6. BC measures maintenance process start-up 5. Implementation, tests and trainings 4. Develop a department “crash kit” 3. Have the critical processes all resources needed?

2. Process analysis, pin point the “critical ones” and deadlines and describe routines 1. Sets objectives and limitations

Applied on organizational level

.

.

Applied on departmental level

Business continuity plan – flexible support enabling management of a crisis situation and minimizing damages and after math in a calm and systematic manner No ”recipe book” –> generic problem solving with a number of prepared checklists!

Strategic elements of information security Business Continuity Planning

Rules

Education, practice and awareness

Strategic elements

Security Programme

[Lindström and Hägerfors, 2009]

Relation in between BCP and Digital Preservation APARSEN’s 4 main pilars defining Digital Preservation Trust, sustainability, usability and access

Key words used to define Digital Preservation Access, availability, quality of data, security, integrity, provenance, trust, long term, curation, continuity…

Similarities quite a few overlaps!

Differences availability – timewise

Business plan Strategic IT- and information management Strategic Digital Preservation

Strategic elements of Digital Preservation ? ?

?

Strategic elements

Digital Preservation Programme

What are the strategic elements of Digital Preservation? How to communicate that to top management – what angle to use? Business values? Business continuity? Deal breakers/maker?