Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
MINISTRY OF INTERNATIONAL TRADE AND INDUSTRY
DISASTER RECOVERY PLAN IMPLEMENTATION EXPERIENCE:
A GOVERNMENT AGENCY’S PERSP...
Contents
• BCM/DRP
 Fundamentals
• BCM/DRP in MITI
 Introduction to MITI
 Quick Assessment
 Scope
 Objectives
 Strat...
What Is a Disaster ?
Any natural or man-made event that disrupts the business in
such a significant way that a considerabl...
What is BCM?
• Holistic management process for identifying potential
impacts from threats and for developing response plan...
What is DRP?
A Disaster Recovery Plan is a documented
process or set of procedures to recover
and protect business-related...
BCP and DRP
 BCP
Activities required to
ensure the continuity
of critical business
processes in an
organisation
Alterna...
What is MTD?, RTO? & RPO?
• Maximum Tolerable Downtime (MTD)
– Maximum time that a business process can be
inoperative/una...
About MITI
• Vision
To make Malaysia the preferred investment destination and
among the most globally competitive trading ...
Quick Assessment
1. Are you concerned that your normal business operations may be interrupted by a
natural or human-caused...
Scope
Trade Facilitation Information System
SERVICE PROVODER
AGENCY-2
DATABASE-1
SYSTEM-1 SYSTEM-2
AGENCY-1
MITI
EXTERNAL ...
To:
• Minimize effects of a disaster – downtime and
data loss
• Improve service availability and reliability
• Improve pro...
BCM Framework (DRP Project)
Act Plan
DoCheck
Project
Management
Risk Analysis and
Review
Testing and
Exercising
Programme
...
OUR STRATEGY
DRP
BCM
ISMS
RM
How BCP/DRP Support Security?
protecting information from
being changed/tampered by
unauthorised parties.
refers to the AV...
DRP Roadmap: STAGE 1 (PLAN):
ESTABLISHING THE DRP
Understanding Organization
• Understand the organization’s Mission, Visi...
Phase
2
BUSINESS IMPACT ANALYSIS
Activities :
 Workshop / Survey to collect data on Systems / Infrastructure /Functions
...
Phase
3
RECOVERY STRATEGY
Activities :
 Determine Maximum Tolerable Downtime (aligned with client charter for the identif...
DRP Roadmap: STAGE 3 (Check):
Testing & Exercising
Document
Review
• Review Readiness
• Regular review of
plans, procedure...
DRP Roadmap: STAGE 4 (ACT):
MAINTAIN AND IMPROVE THE DRP
Assess the
outcome of the
simulation exercise
(what went
right/wr...
Challenges
• Commitment & Support from all parties involved (multi-
agencies/vendors/teams/users)
• Planning & Coordinatio...
Key Success Factors
• Well defined scope, requirements
• DR Plan – Policy, Procedures, Structure, Ownership, Roles
& Respo...
Lessons learned
• Dedicated group
• Proactive Preventions
• Buy–ins from Top management
• Planning & Readiness*
• Awarenes...
DR Plan Implementation Experience: A Government Agency's Perspective by Inthrani Shammugam, Director of IT Div., MITI
DR Plan Implementation Experience: A Government Agency's Perspective by Inthrani Shammugam, Director of IT Div., MITI
DR Plan Implementation Experience: A Government Agency's Perspective by Inthrani Shammugam, Director of IT Div., MITI
Nächste SlideShare
Wird geladen in …5
×

DR Plan Implementation Experience: A Government Agency's Perspective by Inthrani Shammugam, Director of IT Div., MITI

427 Aufrufe

Veröffentlicht am

World Continuity Congress conference on 7th October 2015 at Pullman Putrajaya Lakeside by BCM Institute

Veröffentlicht in: Präsentationen & Vorträge
  • Als Erste(r) kommentieren

DR Plan Implementation Experience: A Government Agency's Perspective by Inthrani Shammugam, Director of IT Div., MITI

  1. 1. MINISTRY OF INTERNATIONAL TRADE AND INDUSTRY DISASTER RECOVERY PLAN IMPLEMENTATION EXPERIENCE: A GOVERNMENT AGENCY’S PERSPECTIVE INTHRANI. S
  2. 2. Contents • BCM/DRP  Fundamentals • BCM/DRP in MITI  Introduction to MITI  Quick Assessment  Scope  Objectives  Strategy  The Journey/Roadmap  Challenges  Key Success Factors  Lessons Learned • Q & A
  3. 3. What Is a Disaster ? Any natural or man-made event that disrupts the business in such a significant way that a considerable and coordinated effort is required to recover and resume business. • Geological: earthquakes, volcanic eruption, tsunamis and landslides • Meteorological: hurricanes, tornados, wind storms, hail, ice storms, snow storms, rainstorms, and lightning • Others: avalanches, fires, floods, meteors and meteorites, and solar storms • Health: widespread illnesses and pandemics • Labour: strikes, walkouts, and slow-downs that disrupt services and supplies • Social-political: war, terrorism, sabotage, vandalism, civil unrest, protests, demonstrations, cyber attacks, hacking, denial of services (DOS). • Others: fires, haze, stampedes, material spills • Utilities: power failures, communications outages, water supply shortages, fuel shortages, etc
  4. 4. What is BCM? • Holistic management process for identifying potential impacts from threats and for developing response plans • Provides a framework for building resilience and the capability for an effective response • Safeguards the interests of an organization's key stakeholders, reputation, brand and value creating activities • 1 plan 4 all Not only RECOVERING CRITICAL FUNCTIONS from DISASTER but also ensuring that they CONTINUE FUNCTIONING IMMEDIATELY in the event of a disaster - BCMI
  5. 5. What is DRP? A Disaster Recovery Plan is a documented process or set of procedures to recover and protect business-related IT infrastructure in the event of a disaster. It is associated with IT assets. BUSINESS CONTINUITY DISASTER RECOVERY
  6. 6. BCP and DRP  BCP Activities required to ensure the continuity of critical business processes in an organisation Alternative personnel, equipment, and facilities Often includes non-IT aspects of business  DRP Assessment, salvation, repair, and eventual restoration of damaged facilities and systems Often focuses on IT Assets
  7. 7. What is MTD?, RTO? & RPO? • Maximum Tolerable Downtime (MTD) – Maximum time that a business process can be inoperative/unavailable before significant damage • Recovery Time Objective (RTO) – Period of time from disaster onset to resumption of critical business function • Recovery Point Objective (RPO) – The point in time before a disaster up to which system and data must be recovered
  8. 8. About MITI • Vision To make Malaysia the preferred investment destination and among the most globally competitive trading nations by 2020. • Mission To promote and strategise Malaysia's global competitiveness in international trade by producing high value added goods and services. To spur the development of industrial activities towards enhancing Malaysia's economic growth for achieving a developed nation status by 2020 • Objective of ICT Division To make Information Communication Technology (ICT) as the strategic enabler to achieve MITI’s Vision and Mission
  9. 9. Quick Assessment 1. Are you concerned that your normal business operations may be interrupted by a natural or human-caused disaster? (Y / N / Unsure) 2. Have you determined what parts of your business need to be operational as soon as possible following a disaster, and planned how to resume those operations? (Y / N / Unsure) 3. Do you and your employees have an emergency response plan in place to help assure your safety and to take care of yourselves until help can arrive? (Y / N / Unsure) 4. Could you communicate with your employees if a disaster happens during working hours or after working hours? (Y / N / Unsure) 5. Are you able to access the vital records/information for your business operations in an event of disaster? (Y / N / Unsure) 6. Do you have plans to stay open for business and continue with your services, even if you cannot stay in or reach your place of business? (Y / N / Unsure)
  10. 10. Scope Trade Facilitation Information System SERVICE PROVODER AGENCY-2 DATABASE-1 SYSTEM-1 SYSTEM-2 AGENCY-1 MITI EXTERNAL USERS MITI PORTAL SINGLE SIGN ON DATABASE-2 SYSTEM-3 INTERNAL USERS WEB
  11. 11. To: • Minimize effects of a disaster – downtime and data loss • Improve service availability and reliability • Improve processes / procedures • Improve maturity & resilience • Improve organisational image and reputation • Enhance customer trust • Gain marketplace advantage MITI’s DRP Objectives
  12. 12. BCM Framework (DRP Project) Act Plan DoCheck Project Management Risk Analysis and Review Testing and Exercising Programme Management Business Impact Analysis Recovery Strategy Plan Development
  13. 13. OUR STRATEGY DRP BCM ISMS RM
  14. 14. How BCP/DRP Support Security? protecting information from being changed/tampered by unauthorised parties. refers to the AVAILABILITY of information to authorised parties, only when requested protecting information from being disclosed to unauthorised parties. BCM/DRP directly supports AVAILABILITY
  15. 15. DRP Roadmap: STAGE 1 (PLAN): ESTABLISHING THE DRP Understanding Organization • Understand the organization’s Mission, Vision, Objective, BCMP’s Scope & Criteria DRP Scoping • Define Scope Objective and Boundaries in line with organization’s BCMP Management Approval & Support • Project approval, approach, timeline, policy Establish Project Structure • Project Team, term of reference, understanding, relevant training
  16. 16. Phase 2 BUSINESS IMPACT ANALYSIS Activities :  Workshop / Survey to collect data on Systems / Infrastructure /Functions  Analysis on collected data  Identification of critical systems / infrastructure / functions  Assessing the risk impact on critical systems / infrastructure /functions  Determine Maximum Tolerable Downtime (aligned with client charter for the identified critical functions/system/SLA) RISK ANALISYS AND REVIEW (Identification, Assessment, Response Development & Control) Activities :  Workshop / Survey to collect data on potential risks  Analysis on collected data  Identification of risk factors  Determine likelihood, impact and expose level of risks identified  Prioritizing of risks based on exposure level  Mitigation & Monitoring Phase 1 DRP Roadmap: STAGE 2 (DO): IMPLEMENT AND OPERATE THE DRP
  17. 17. Phase 3 RECOVERY STRATEGY Activities :  Determine Maximum Tolerable Downtime (aligned with client charter for the identified critical functions/system/SLA)  Determine Recovery Time Objective (RTO) & Determine Recovery Point Objective (RPO)  Determine DR options (Hot / Warm / Cold)  Determine the backup strategy  Determine resources requirements  Procurement Process Phase 4 PLAN DEVELOPMENT Activities :  Recovery Team/Backup Structure, Roles & Responsibilities  Notification (Stakeholders, Users, Customers, Authorities, etc)  Communication (WhatsApp/Email/Portal/Agencies’ Website/Blog/Twitter/Facebook)  Regular meetings with all parties involved  Training / Education / Awareness(everyday operations, recovery/emergency/resumption procedures)  PM Activities for Systems, Infrastructure, Functions (frequency)  Testing/Exercising & Review (frequency)  Alternative Workspace (Hardware/Network & other facilities)  Logistic & Supply  Who, What, When, Where & How DRP Roadmap: STAGE 2 (DO): IMPLEMENT AND OPERATE THE DRP
  18. 18. DRP Roadmap: STAGE 3 (Check): Testing & Exercising Document Review • Review Readiness • Regular review of plans, procedure, changes (organisation structure, architecture, service providers, users, operations, etc) • feedback from document owners, etc • network connection (multiple site, workspace) • Hardware • Application • back-up Unit/Component Test • Full Rehearsal with checklist Walkthrough (Dry Run) • Back-up • Production systems shut down • Movement to DR site • Restoration • Network & Systems test (full cycle ) •Back-up •Movement to primary site •Restoration •Testing •Business Resumption at primary site Full Scale Simulation
  19. 19. DRP Roadmap: STAGE 4 (ACT): MAINTAIN AND IMPROVE THE DRP Assess the outcome of the simulation exercise (what went right/wrong) Perform appropriate correction, corrective and preventive actions Continual Improvement • Simulation Report • Assess Readiness • Analyse Issues • Recommendations • Correction • Corrective • Preventive Action • Awareness • Continual Improvements
  20. 20. Challenges • Commitment & Support from all parties involved (multi- agencies/vendors/teams/users) • Planning & Coordination • Rules & Regulations (physical/logical access) • Readiness (Test & Resumption) • Mindset • Education & Awareness (new staff) • Acculturation • Skills, Knowledge and Expertise
  21. 21. Key Success Factors • Well defined scope, requirements • DR Plan – Policy, Procedures, Structure, Ownership, Roles & Responsibilities • Project Team (Competency, Skill & Literacy) • Simulation Test Leadership, Coordination, Time line, Checklist (4W&1H), Communication, Logistic, Postmortem & feedback • Close monitoring and management • Commitment & Support (All levels/parties) • Communication & awareness • Teamwork
  22. 22. Lessons learned • Dedicated group • Proactive Preventions • Buy–ins from Top management • Planning & Readiness* • Awareness & training • Communication • Teamwork

×