Optimizing the it and business environment through dashboards

Optimizing the IT and Business Environment through Dashboards

bronackt@dcag.com / (917) 673-6992

Executive Presentation
on
Systems Development Life Cycle and
Application Recovery Certification
Management Dashboards
Created by:
Thomas Bronack, CBCP
Phone: (917) 673-6992
Email: bronackt@dcag.com
Web Site: www.dcag.com
Created by: Thomas Bronack ©

Page: 1

Date: 1/15/2014



Enterprise Resiliency and Corporate Certification
Insurance Needs
and Claims

Enterprise
Resiliency

Security, Salvage,
Restoration

Emergency Operation
Center (EOC)

Business
Continuity
Management

Emergency
Management

Enterprise Resiliency combines all recovery
operations into one discipline using a common
language and tool set.
Corporate Certification guarantees that the
company complies with all laws in the
countries they do business in.

Workplace
Safety & Violence
Prevention

Risk & Crisis
Management

Physical and Data
Security

Processing Sites and
Supply Chain Management

Corporate Certification

Business Locations, IT Sites, and
Supply Chain Management

Domestic
Compliance

International
Compliance
Page: 2

Primary
Site

Supply
Chain

Secondary
Site
Date: 1/15/2014



Enterprise Resiliency must be built upon a Solid Foundation
Best Practices consist of:
·
·
·

House of Enterprise Resilience

Enterprise Resiliency consist of:
·
·
·
·
·
·
·

Emergency Management;
Business Continuity Management;
Workplace Violence Prevention;
Workflow Management;
Functional Responsibilities;
Job Descriptions; and
Standards and Procedures.

Workplace Violence Prevention
·
·
·
·

Threats;
Predators;
Violent Events; and
Employee Assistance Programs.


COSO / CobIT / ITIL;
ISO 27000; and
FFIEC, etc.

Foundation consist of:
·
·
·
·
·
·

Physical Security
and
Access Controls

Enterprise Resiliency;
Risks and Compliance issues;
Corporate Certification Guidelines;
Best Practices;
Available Tools; and
Certification Firm.

Global Standards include:
Corporate Certification consist of:
·
·
·
·

BS 25999 / ISO 22301;
Private Sector Preparedness Act;
CERT Enterprise RMM Framework; and
NFPA 1600.

Page: 3

·
·
·
·
·

ISO 22300 – Global Standard;
NYSE 446;
SS 540 (Singapore);
ANZ 5050 (Australia)
BC Guidelines (Japan); and more.

Date: 1/15/2014



Executive Dashboard
Executive
Dashboard

Infrastructure
Dashboard

Operations
Dashboard

Recovery
Dashboard

Asset Management

Vital Records,
Access Control

Disaster Planning

Production

Process

DR Certification

Development

Verify Success and
Performance

Audit Compliance

Maintenance

Deliver Results

Disaster
Declaration

Test, QA, Accept

Status Reporting

Disaster Recovery


Page: 4

Date: 1/15/2014

Executive

Management Dashboards Relationships

Steering Committee
Management
EOC, CCC, &DR
Teams

Status
Reporting

DR Planning and Activation
Dashboard

Executive Management Dashboard
on DR Planning and Activation

Application Recovery
Certification Dashboard

Recovery Plans
Training Materials
Articles

Library
Management

Standards and
Procedures

Business Location Recovery
Dashboard

Recovery
Planning (7
Phases, each
with 13 Steps)

Statement of
Work (SOW)
Business /
Project Plan

Recovery Site
Preparation

Application
Selection
Procedures

Business
Recovery Site

Workplace
Safety and
Violence
Prevention

Risk Analysis
and Insurance
Profile

Dedicated
BCM
Organization

Actual DR
Test, or
Activation

VMware,
vSphere,
vConnect, and
RPA

Building
Evacuation Plan

OSHA,OEM,
FEMA & Building
Codes

Audit, Legal,
and
Compliance
Requirements

Long-Term
Management
Commitment

Post Mortem
Meeting

Failover /
Failback for
HA
Applications

Business
Recovery &
Resumption Plan

First Responders
and Government
Agencies

SDLA, Integration,
and Version &
Release
Management

Flip / Flop for
CA
Applications


Page: 5

Site Protection,
Salvage, &
Restoration

Date: 1/15/2014



Tracking Active Disaster Recovery Event – Drill Down Actions
“Top Level”
Phase VI - Initiate Recovery Plan when Disaster Event Occurs
Help Desk
Help Desk
Contingency
Failing Site
Recovery
Team is Called
Recovery
Identifies Disaster
Notifies
Coordinator
Protection, Disaster Site is
Operations are
and Recovery
Personnel are
Event or a Disaster Contingency
Declares
Salvage, and Evacuated, as
Initiated and
Tasks
Transferred to
Event is reported to Recovery Plan Disaster and
Restoration is
needed
Conducted for
Performed
Recovery Site
Help Desk
Coordinator Initiates Plan
Initiated
Life of Disaster

Failing Site is
Salvaged and
Restored

Personnel
Return to
Original Site
and Resume
Production

Recovery Steps
Post Mortem Improvements
are added to
is Conducted
are
Testing Process
and
Incorporated in
and
Improvement
Future
Periodicically
s Identified Recovery Plans
Repeated

“Sub Level”
“Activity Level”
“Action Item
Level”

DR Planning Action Items
Number: Status:

Action Item Description:

Priority:

Assigned to:

Due Date:

Actions Taken:

Comments:

“Management &
Control Level”

Page: 6

Contingency
Command
Center (CCC)

Emergency
Operations
Center (EOC)
Date: 1/15/2014



Systems Development Life Cycle
•

Work Order Submitted by Client
–

•

Development Performed
–

•

Setup, Process, Verify Results, Deliver Output, perform Capacity and Performance reviews, generate
management reports.

Support
–

•

Library Management (Global Applications Catalog), Vital Records Management, Access Controls,
Documentation review and verification, Acceptance Testing.

Production Operations
–

•

Verify all required data and documentation is provided, Version and Release Management, Create
Turnover package and submit to Production Acceptance.

Production Acceptance
–

•

Create Testing Environment (real or virtual), Test scripts and test scenarios, Successful (document,
pass onto QA), if not (repair and retest until successful).

Quality Assurance
–

•

Business and Technical Reviews, Buy / Build Decision, Development Completed and Documented.

Testing Performed
–

•

User Information provided to Development Group.

Documentation (Messages and Controls, Job Run Books, Manuals, etc.), Problem / Incident
Management; Resolutions (Root Cause Analysis, Repair, and Documentation), Change Request.

Maintenance
–

Problem Resolution Implementation, Enhancements, New Technology or upgrades, Equipment
Refreshment, Update Global Applications Catalog.


Page: 7

Date: 1/15/2014



Page: 8

Date: 1/15/2014



SDLC Steps to Production


Page: 9

Date: 1/15/2014


Page: 10

Date: 1/15/2014



Systems Management Organization
IT & Business
Environments

Systems Management
and Controls (SMC)
Resource Management

Service Level
Management
Asset &
Inventory
Management

Configuration
Management

Support
Management

Application
Development
(SDLC)

Production
Acceptance

Business
Contingency
Management

Change
Management

Application
Maintenance

Production
Operations

Security
Management

Problem
Management

Capacity
Management

Application
Testing

Performance
Management

Quality
Assurance


Recovery Management

Systems Development
Life Cycle (SDLC)

Network
Management

Business
Recovery

Page: 11

(IT, Data, Physical)

Vital Records
Management

Risk
Management

Incident
Management

Disaster
Management

Date: 1/15/2014



Job Documentation Requirements and Forms Automation
New Product / Service Development Request Form Life Cycle
Documents are Linked to from Date Field

Development Request Form
Phase:

Date

User Information

_____________

Technical Justification

_____________

Build or Buy

_____________

Development (Build / Modify)

_____________

Test:

_____________

Documentation

_____________

Business Justification

Development:

Unit Testing

Documentation

_____________

Regression Testing

_____________

Quality Assurance

_____________

Production

_____________

Support (Problem / Change)

_____________

Maintenance (Fix, Enhancement)

_____________

Documentation

_____________

Recovery

_____________

Awareness and Training

_____________

Documentation

Data Sensitivity & Access Controls
IT Security Management System
Encryption
Vital Records Management
Data Synchronization
Backup and Recovery
Vaulting (Local / Remote)
Disaster Recovery
Business Recovery

·
·
·
·
·
·
·

Application Owner
Documentation & Training
Application Support Personnel
End User Coordinators
Vendors and Suppliers
Recovery Coordinators
Testing Results

Documentation

Main Documentation Menu

·
·
·
·
·
·
·
·
·

Quality Assurance:

_____________


Development Request Form Number
Business Need
Application Overview
Audience (Functions and Job Descriptions)
Business / Technical Review Data
Cost Justification
Build or Buy Decision
Interfaces (Predecessor / Successor)
Request Approval

Testing:

_____________

System Testing

Link to
Documents

·
·
·
·
·
·
·
·
·

·
·
·
·
·
·

Application Setup
Input / Process / Output
Messages and Codes
Circumventions and Recovery
Recovery Site Information
Travel Instructions

Sub-Documentation Menus
Page: 12

Date: 1/15/2014



Information Accounting and Charge-Back System Concept
By utilizing Work Order (WO) and Purchase Order (PO) concepts, it is possible to track and bill clients for
their use of Information Technology services associated with development and maintenance services. This
concept is presented below:
User Name: ____________________
User Division: ___________
User Identifier _______
Work Order #: __________________
Date: ___________
For: _________________________
Purchase Order Phases:
PO for: Development, or Maintenance
Cost: $ _____________
PO for: Testing
Cost: $ _____________
PO for: Quality Assurance
Cost: $ _____________
PO for: Production Acceptance
Costs $ ____________
PO for: Production (on-going)
Cost: $ _____________
PO for: Vital Records Management
Cost: $ _____________
PO for: Asset Management (Acquisition, Redeployment, Termination)
Cost: $ _____________
PO for: Inventory and Configuration Management
Cost: $ _____________
PO for: Information and Security Management
Cost: $ _____________
PO for: Safe Workplace Violence Prevention
Cost: $ _____________
PO for: Recovery Management
Cost: $ _____________
PO for: Documentation and Training
Cost: $ _____________
PO for: Support and Problem Management
Cost: $ _____________
PO for: Change Management
Cost: $ _____________
PO for: Version and Release Management
Cost: $ _____________
Total Cost: $ _____________
Bill can be generated via Forms Management, Time Accounting, or Flat Cost for Services. This system can be used to
predict costs for future projects and help control expenses and personnel time management.

Page: 13

Date: 1/15/2014



Application Recovery Certification
•

Select Application to be Certified
–
–
–

•

Develop Application Profile to Update Global Application Catalog
–
–

•

Steps to be followed by Application Recovery Team.

Complete Post-Test Activities Form
–

•

Used to provide Site Replication and Data Synchronization for Testing Application Recovery Certification (CA, HA, Best Effort).

Complete Actual-Test / Activation Work Activities Form
–

•

Provide Form to Recovery Team so they can insure Recovery Site can support Production requirements, and updatedata synchronization
to best meet Recovery Point Objective (when snapshots are taken) and Recovery Time Objective time needed to restore data to pnt of
failure so that production processing can resume).

Complete Pre-Test / Activation Staging form
–

•

Contains Recovery Preparation, Set-up, processing, and Post Mortem phases of Application Recovery Certification.

Complete Infrastructure Readiness Records
–

•

Capacity and Performance Requirements, Tier Change, Updated Recertification date.

Create Application DR Exercise / Activation Exercise Booklet
–

•

New Resources, new SME names, New Management Names;
New Application Recovery Certification dates, and New Compliance Requirements.

Update Application Inventory Record
–

•

From Global Application Catalog by: Region, Tier; Criticality, Compliance, and Last Time Certified;
Recertify applications that have gone through a maintenance upgrade;
Based on Growth or New Technology.

Contains: Actual Times for Recovery and compares them to Estimated Times projected, Encountered Errors, and Comments.

Conduct a Post Mortem Meeting
–
–
–
–

A Management Report and Presentation is provided to meeting attendees that is Used to review Recovery Test / Activation;
Obtain recommendations for improvement, then select recommendations for implementation;
Implement selected improvements and retest recovery procedure to measure improvements;
Update Recovery Procedures and train personnel on new process.


Page: 14

Date: 1/15/2014



Application Recovery Certification Flow
The Road to Successful Recovery Certification

Ready for
Testing

Test

Gaps & Exceptions

Success

Failure

Obstacles & Impediments

Recovery Plans and
Personnel Procedures
need improvement

CA Gold
Standard

Mediate

Mitigate

Compliance to
Country Laws and
Regulations

HA Recovery
Certification

Infrastructure &
Suppliers capable of
supporting needs

Hardware capable of
supporting workload
processing

Software capable of
supporting workload
processing

Testing Failure Loop, until Successful Recovery Certification

Ready for
Re-Testing

Problem
Repaired
Page: 15

Date: 1/15/2014



Reporting on Recovery Certification
Company Operations

Technical Services

Executive Management

Compliance Reporting

Chief Executive
Officer (CEO)

Application
Certification

Operations
Recovery Manager

Operations
Recovery Manager
- Extract Information,
- Risk Assessment (RA),
- Business Impact Analysis (BIA),
- Define HA / CA Services,
- Identify Gaps and Exceptions,
- Define Obstacles that impede
recovery,
- Generate a Loss / Prevention
Report,
- Submit Report to Management.

Technical
Recovery Manager
- Review / Combine Information,
- Review Operations Reports,
- Data Security & Vital Records,
- Access Controls,
- Library Management,
- Production Acceptance,
- Version and Release Management,
- Define HA / CA Services,
- Application Recovery Certification,
- Business Continuity,
- Disaster Recovery,
- Emergency Management,
- Awareness, Training, and Testing,
- Create all required documentation,
- Standards and Procedures.

Chief Financial
Officer (CFO)
- Validate Information,
- Establish Reporting Criteria,
- Gather data and report,
- Review Reports,
- Attest to their accuracy,
- Submit Reports.

Business
Recovery
Plans
Disaster
Recovery
Plans
- Report Information,
- Submitted Quarterly,

- Attested to Annually,
- Reviewed by SEC and
other agencies to insure
compliance.

The Recovery Management and Corporate Certification process includes office Recovery Managers and Technical Recovery
Managers to gather information, compile global data into Recovery Plans, and then generate Management Report that can
be used to “Attest” to compliance to recovery and regulations needed for the company to be certified.


Page: 16

Date: 1/15/2014



Personnel Productivity and Training
(Responsible for assigning work tasks to the right person at every project phase, while
ensuring that skill requirements are met and the highest possible quality is achieved)


Page: 17

Date: 1/15/2014



Personnel and Work Flow Management


Page: 18

Date: 1/15/2014



Data Synchronization and Recovery Operations using Cloud Based Hosting
Real Time Data Replication
Synchronized Recovery Data
Router

Local
Users

Recovery
Site
Hosting
Cloud

Internet
Firewall
Primary
Servers

Firewall

Remote Users

Replicated
Servers

Users are normally connected to the Primary Site, while data is synchronized in real-time with Cloud Hosting site. When
disaster event occurs, users can access the replication site without interruption or loss of data.

Page: 19

Date: 1/15/2014



Overview of the Enterprise Information Technology Environment
Physically Transported
Using Tape
Only Encryption
·
·
·
·

Customers;
Credit Bureaus;
Feed-Files; and,
Other Locations.

Physical /
Cloud

Remote
Tape / Data
Vault
·
·
·

Physical
/ Virtual
Remote
Locations

Electronic Vaulting;
Incremental Vaulting; and,
Electronic transmission to
Disaster Recovery Site

Disaster
Recovery Site

Encrypting Data-InMovement will protect
data being transmitted to
remote sites

Electronic
Transmission

Local
Tape / Data
Vault

Local
Tape / Data
Vault

Electronic
Transmission

Open Network
With
Multiple Access Points

Local
Sites

Encryption of “Data at Rest”
to Provide Total Protection

Local
Sites

Production
Site #2

Production
Site #1

IT Locations
End User
“Work Order”
to create a new
Product or
Service

Cloud
Computing

Company
Data

Systems Development Life Cycle (SDLC)
New
Applications

Business Locations


Development

Send Approved
Applications
To Production
Acceptance

Testing and
Quality
Assurance

Problem Resolution
And
Enhancements

Maintenance

Development And Maintenance Environments

Page: 20

Date: 1/15/2014



Migration Pathway and Goals
(Can apply to Site Consolidations or Recovery Site migrations)
Applications are identified, evaluated, rated, scheduled, and moved from originating site to target site

Migration Path

Originating
Site
• Originating
data center(s)

Decommission
Originating
Site

Applications
Migration
Schedule

Applications
Tier 1 – Tier n
• Rate Applications for
Movement by Tier / Group
• RTO Support Artifacts
• Infrastructure Needs
• Resource Needs
• Gap & Exceptions
• Obstacles
• Mitigate / Mediate
• Validate Ability to Move
• Validate Target Site Ability
to Accept / Support

Y

Page: 21

N

•
•
•
•
•
•
•
•
•
•

Movement

Target Site

Movement
Testing
Quality Assurance
Production
Vital Records
Access Controls
Recovery Planning
Acceptance
Turnover

• Target
data
center(s)

Complete
?
Date: 1/15/2014



Can be sorted by: Equipment Type,
Disposition, Date, or Location

Asset Management Disciplines
“Dispose of Surplus equipment after Migration to
Target Data Center(s) to reap profit from sales,
return of equipment storage space, and personnel.”

Start

Pick-Up List
Equip. Type:
PC
PC
PC

Disp:
A
R
T

Location:
Bldg 3, Rm 203
Bldg 1, Rm 405
Bldg 2, Rm 501

Disposition = ‘A’
Acquire
Equipment

Purchase
Order

Install
Equipment

Add to
Master Inventory

Master
Inventory

Equipment is being Actively used

N, Exceptions List Generated

Disposition = ‘R’
Re-deploy
Equipment

Work
Order

Equipment is moved to new location

Disposition = ‘T’
Terminate
Equipment

Work
Order

Compare to
Master Inventory

Pick-Up
Inventory

Service
Order

Perform
Services
Ready-to-Sell
Inventory

Equipment is Sold or Disposed of

End

Y

Warehouse
Inventory

Service
Order
Purchase
Release
Order
Form
Marketing & Sales

Finance
Form

Complete Asset Life Cycle from Acquisition
through Re-Deployment and Termination

Archive
Page: 22

Date: 1/15/2014



Inventory Management Environment
Client
Request

Purchase
Order

Acquire
Asset (*1)

Add to
Inventory

Inventory
Data Base
All Assets

Client
Invoice
Work
Order

Install
Asset (*2)

Add to
Configuration

Work
Order

Redeploy
Asset (*3)

Update
Configuration

Work
Order

Terminate
Asset (*4)

Update Asset &
Configuration

Assets,
by Site
Configuration
Data Base

*1 – Purchased Equipment as per guidelines (Leased, Owned, Rented, Type, and Vendor).
*2 – Infrastructure Group schedules and installed Asset.
*3 – Assets are moved from one location to another or reassigned to staff with work performed by the Infrastructure Group.
*4 – Asset are terminated and data erased in accordance to DoD data erasure standards, then equipment is disposed or or donated in accordance to
EPA guidelines and requirements.


Page: 23

Date: 1/15/2014



Incident / Emergency Management Operations Environment
Relationship between EMG and EOG during an emergency
Emergency Management Group (EMG)

Emergency Operations Group (EOG)

Facility Manager

Emergency Director

Human Resources
Coordinator

Security Coordinator

Environmental
Coordinator

Safety and Health
Coordinator

Public Relations
Coordinator
·
·
·

Affected Area / Unit
Manager / Supervisor

Planning & Logistics
Coordinator

Incident Manager

Maintenance
Coordinator

Safety Officers

Operations Officers

Emergency Medical
Technicians Team
·
·
·
·
·
·
·

Provide specific support activities for disaster events;
Coordinate information with Personnel, Customers, and Suppliers; and
Optimize Recovery Operations and Minimize Business Interruptions.

Central / Corporate Incident Management


Fire / Hazmat
Fire Brigade

Evacuate site if necessary;
Assess Damage and report to Emergency Director;
Provide First Aid to personnel;
Coordinate activities with First Responders and follow their lead;
Initiate Salvage procedures;
Perform site restoration and coordinate return to site; and
Recommend improvements going forward.

Local Incident Management

Page: 24

Date: 1/15/2014



Problem Management and Circumvention Techniques


Page: 25

Date: 1/15/2014



Fully Integrated Recovery Operations and Disciplines (Physical End Goal)
Private Sector
Preparedness Act
(Domestic
Standard)

CERT Resiliency
Engineering
Framework

BS 25999 / ISO
22301
(International
Standard)

National Fire
Prevention
Association
Standard 1600

OSHA,
DHS, OEM,
Workplace
Safety

Contingency
Command
Center

Incident
Command
Center

Corporate
Certification

Workplace
Violence Prevention

Lines of
Business

Locations

Information Security
Management System (ISMS)
based on ISO 27000

Emergency
Operations Center
(EOC)

Emergency
Response
Management

State and Local
Government

First Responders
(Fire, Police & EMT)
Employees

Suppliers

Department of
Homeland Security
(DHS)

Command
Centers

Help
Desk

Operations
Command
Center

Network
Command
Center

Business Continuity
Management

Risk
Management

Disaster and
Business
Recovery

Business
Integration

Service Level
Agreements and
Reporting

Systems
Development
Life Cycle

COSO / CobIT /
ITIL / FFIEC
Workplace
Violence
Prevention
ISO2700
Security
Standards

Customers

Office of Emergency
Management
(OEM)


Crisis
Management

Six Sigma /
Standards and
Procedures

Page: 26

A fully integrated recovery organization will include
the components shown in this picture.
Corporate Certification is achieved through the
compliance laws and regulations used to provide
domestic and international guidelines that
enterprises must adhere to before they can do
business in a country.
Workplace Violence Prevention and Information
Security is adhered to by implementing guidelines
to protect personnel and data by following the
latest guidelines related to these topics.
Internal command centers responsible for
monitoring operations, network, help desk, and
the contingency command center will provide vital
information to the Emergency Operations Center
staff.

Organizational departments, locations, and
functions are identified and connections provided
to the EOC so that communications and
coordination can be achieved in the most accurate
and speedy manner.
Using this structure will help organizations better
collect recovery information and develop recovery
operations to lessen business interruptions and
protect the company’s reputation.
Date: 1/15/2014



Responding to Disaster Events
Security must be maintained at all times by cooperation with First Responders during disaster event

Disaster Event
Disaster
Event

First
Responders

Declare
Disaster

Site Salvage

Site Restoration

Activate Recovery Plan and
go to secondary site

Process at
Secondary Site

Return
to Site

Resume
Operations

Return
to Site

Coordinating recovery operations with the First Responders, Security, Salvage, and
Restoration is a critical factor in recovery planning and should be included in all recovery
planning procedures.
Additional considerations include Insurance and Claim Processing, media
communications, and coordination with government organizations and companies near
your facility that may be affected by the disaster event.
Being a good neighbor is important to protect your reputation and show good will.

Page: 27

Date: 1/15/2014



Types of Recovery Plans and their Sections
Recovery Plan Sections:

Contingency
Command
Center

Security
Salvage

Incident Recovery Plan

•
•
•
•
•
•
•

Disaster Recovery Plan

•
•
•
•
•
•

Restoration
•
•


Coordinator Leads Operation;
Validate & Accept Assignment;
Declaration & Notification;
Initiate Call Tree;
Formulate Recovery Teams;
Activate Recovery Plans;
Monitor and Track Recovery
Tasks and Status;
Report;
Complete Recovery Operations;
Process at Secondary Site;
Coordinate Primary Site
Protection, Salvage, and
Recovery;
Return to Primary Site;
Resume Processing at Primary
Site;
De-Activate Secondary Site; and
Perform Post-Mortem and make
needed corrections.

Page: 28

Business Recovery Plan
Application Recovery Plan
Supplier Recovery Plan
Primary Site Recovery Plan:
• Protection,
• Salvage and Restoration,
• Process Resumption.
Alternate Site Recovery Plan:
• Travel and Activate Start-Up,
• Assume Production,
• Return to Primary Site,
• De-Activate.
Date: 1/15/2014



Activating and Coordinating Disaster Recovery Plans
Site Protection, Salvage, & Restoration

Problems &
Incidents
Network
Problems

Production
Operations
Problems

NCC

Major
Incidents &
Problems

Notified by Help Desk of Recovery Need:
•
•
•
•
•

Verify Problem and Match to Recovery Plan;
Notify Contingency Plan Coordinator;
Activate Plan and Perform Tasks;
Operate at Contingency Site;
Coordinate Production Site Protection,
Salvage and Restoration;
• Return to Production Site; and,
• Continue Production Operations.

ICC

OCC

Coordinate
Recovery
Teams

Contingency
Command Center

Problem
Library

Help Desk
Recovery
Library

Emergency
Operations Center

Level
1

Level
2

Level
3

Level
“D”

Local
HD
Repair

Local
SME
Repair

Vendor
Repair

Select
Recovery
Plan


Page: 29

Coordinate
Company
Operations

Communicate Recovery Operations with:
• Executive Management;
• Lines of Business, Personnel, Clients,
Vendors, Supply Chain, and Workplaces;
• Command Centers;
• First Responders and Community Agencies;

• Companies close-by and the News.
Date: 1/15/2014



How to get started Implementing this Project
• Presentation to your management and technical staffs.
• Agree that you want to achieve Enterprise Resiliency
and Corporate Certification.
• Perform a Risk Assessment that will define your needs.

• Obtain management approval to initiate the project with
their strong support.
• Identify Stakeholders and Participants.
• Formulate teams and train them on the goals and objectives of this project.

• Create a detailed Project Plan and start teams working.
• Develop, Test, Implement “Proof of Concept”, and gain approval to go forward.
• “Rollout” Enterprise Resiliency and Corporate Certification to all locations.
• Fully document and Integrate within the everyday staff functions performed.
• Deliver Awareness and Training services.
• Provide Support and Maintenance services going forward.

Page: 30

Date: 1/15/2014



Fully Integrated Resiliency Operations and Disciplines (Logical End Goal)
Contingency
Command
Center (CCC)
Incident
Command
Center (IC)

Command
Centers

Workplace
Violence
Prevention

Help Desk
(HD)

Emergency Operations
Center (EOC)

OSHA, OEM,
DHS

Emergency
Response
Management

Lines of
Business
Locations,
Employees,
Infrastructure,
Equipment,
Systems,
Applications,
Services,
Supplies,
Customers,
RTO, RPO, and
RTC.

Office of the
Controller of
the Currency

National Fire
Prevention
Association
1600 Standard

Information Security
Management System (ISMS)
based on ISO27000

Corporate
Certification

•
•
•
•
•
•
•
•
•
•

ISO22313 and
ISO22318
(International
Standard)

CERT Resiliency
Engineering
Framework, ITIL
and COSO

Private Sector
Preparedness Act
(Domestic
Standard)

•
•
•
•
•

State and Local
Government,
First Responders (Fire,
Police, & EMT),
Department of
Homeland Security
(DHS),
Office of Emergency
Management (OEM),
Local Community.


Operations
Command
Center (OCC)

Business
Continuity
Management
•
•
•
•
•
•
•
•

Risk Management (COSO),
Disaster Recovery,
Business Continuity,
Crisis Management,
Emergency Management,
Workplace Violence
Prevention,
Failover / Failback,
Protection, Salvage &
Restoration.

Page: 31

Business
Integration
•
•
•
•
•
•

Network
Command
Center (NCC)

Service Level Agreements (SLA)
& Reporting (SLR),
(SDLC),
CobIT, ITIL, and FFIEC,
ISO Guidelines,
Audit and Human Resources,
Six Sigma or Equivalent for
Performance and Workflow
Management

Date: 1/15/2014



How Dashboards Help
• Improved efficiency by providing instant access to current and accurate information
from any authorized terminal or personal computer;
• Less time spent reviewing out-of-date or inaccurate information;
• Improved time frame for completing projects;

• Reduced costs associated with implementing projects;
• Better protection to the company reputation;
• More highly trained staff with an improved morale;
• Easier to retain and recruit clients;
• Adherence to the laws and regulations where the company conducts business; and,

• Less stress and better performance helps everyone do their job better.

Page: 32

Date: 1/15/2014



Conclusions
•

Enterprise Resiliency and Corporate Certification will build an efficient, safeguarded, and
compliant environment that best supports continued business operations and the company
reputation.

•

Many people are involved with planning, implementation, support, and maintenance, so
awareness is high and training can be easily achieved.

•

A well trained and loyal staff will best support retention and recruitment of personnel and
clients, while supporting future growth and an industry reputation as an excellent company.

•

SLA / SLR and Client Contract management will be more easily achieved, thereby producing a
happier client and support for future growth through accomplishments and references.

•

Use of “Best Practices” will better guaranty success, while protecting management’s decision
to implement a state-of-the-art production, compliant, and recoverable environment.

•

Use of the latest Data Management technology will support recovery time requirements,
while allowing for off-line testing of maintenance and recovery operations.

•

Integration of Systems Management, Workflow Management, and a Charge-Back System will
provide monitoring and control over costs, while developing a repository of accomplished
work that can be referenced when planning similar projects.

•

Integration of the Emergency Operations Center (EOC) with Command Centers, Lines of
Business, and Recovery Operations will enhance the information provided to Executive
Management and allow them to better communicate with clients and assist with expediting
resumption of business operations.


Page: 33

Date: 1/15/2014

Optimizing the it and business environment through dashboards

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Ähnlich wie Optimizing the it and business environment through dashboards

Ähnlich wie Optimizing the it and business environment through dashboards (20)

Mehr von Thomas Bronack

Mehr von Thomas Bronack (14)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Optimizing the it and business environment through dashboards