Can the business depend on IT for business continuity? BCS North London Branch November 25 2009 Andy Mason MBCS CITP MBCI Head of Business Continuity PricewaterhouseCoopers LLP Contents Introduction Downtime, what downtime? Standards, standards, standards Business Continuity Lifecycle Who needs computers? Incident Timeline What happens when IT is not available?
Static infrastructure, dynamic business Conclusion Questions PricewaterhouseCoopers LLP Can the business depend on IT for business continuity? PricewaterhouseCoopers PricewaterhouseCoopers provides industry-focused assurance, tax and advisory services to build public trust and enhance value for our clients and their stakeholders. More than 163,000 people in 151 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice
PricewaterhouseCoopers LLP in the UK has 16000 Partners and staff spread across 41 offices from Plymouth to Aberdeen BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 3 Can the business depend on IT for business continuity? Downtime, what downtime? Applications Laptops, PCs Data centres Networks Third parties
Laptops Resilience, high availability Seamless Auto failover, Hot start, Warm start, Cold start Increasing complex technology Increasing business reliance on IT People, property and process BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 4 Can the business depend on IT for business continuity? Standards, standards, standards Position for graphic or image
BCS North London Branch PricewaterhouseCoopers LLP BS25999 Part 1 and 2 > ISO 22399 & ISO 22301 BS25777 > ISO 24762 ISO 20000-2 < ITIL v3 ISO 27002 < BS7799
November 2009 Slide 5 Can the business depend on IT for business continuity? The Business Continuity Lifecycle BS25999-1:2006 Code of Practice for BC Management - BCM Lifecycle BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 6 Can the business depend on IT for business continuity? The Business Continuity Lifecycle for ICT
BS25777:2008 Code of Practice for ICT Continuity Management BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 7 Can the business depend on IT for business continuity? Who needs computers? Pordivnig a fmarerowk for cmmocinuatoin Aoccdrnig to rseeacrh at Cmabirgde Uinervtisy, it deonst mttaer waht oredr the ltteers in a wrod are wirtten, pordivnig the frist and lsat ltteer are in the rhigt pclae, bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. BCS North London Branch PricewaterhouseCoopers LLP
November 2009 Slide 8 Can the business depend on IT for business continuity? BS25999-1:2006 Incident Timeline Overall recovery objective: Back to normal as quickly as possible Incident! The Incident Timeline Time Line Incident Response Business Continuity Within minutes to hours: Staff & visitors accounted for Casualties dealt with Damage containment / limitation
Damage assessment Invocation of BCP BCS North London Branch PricewaterhouseCoopers LLP Recovery - back to normal Within hours to days: Contact staff, customers, suppliers, etc. Recovery of critical business processes Rebuild lost work-in-progress Within weeks to months: Damage repair / replacement Relocation to permanent place of work Recovery of costs from insurers November 2009 Slide 9
Can the business depend on IT for business continuity? Static infrastructure, dynamic business Applications and services Servers Storage Networks Disaster recovery Peaks and troughs Ebbs and flows Today, tomorrow, next week BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 10
Can the business depend on IT for business continuity? Conclusion Incidents happen Standards can help Simple lifecycle Responding to disruption Reducing the impact Static and dynamic Continuity counts BCS North London Branch PricewaterhouseCoopers LLP November 2009 Slide 11 It is not the strongest, nor the most
intelligent that will survive, but those most responsive to change. Charles Darwin This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2009 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.
