IT-centric business continuity planning aims to align IT recovery with business needs. It recognizes that while disaster recovery focuses on restoring IT systems, business continuity prioritizes maintaining business processes. The approach involves business leaders and IT leaders collaboratively assessing risks, mapping processes, developing strategies to restore critical systems based on business priorities, and creating plans to guide response and recovery. Regular testing and updates are needed to ensure plans remain effective over time.

1. IT-Centric Business Continuity:
Aligning IT with Business Needs
Steve Susina
March 11, 2010

2. IT / Business Balance - GAP
IT Leadership LOB Leadership
Knowledge of IT Systems Understanding The Business
Laurus Technologies Confidential

3. Business Continuity:
More than Simply an IT Initiative, Why?
Executive Responsibility
• Organizational leaders are being held increasingly legally responsible
for the well being of their organizations
Regulation & Compliance
• The Board of Directors and enterprise executives, not just IT
executives, are responsible for compliance (SOX, GLBA, Patriot Act,
OSHA, EPA, HIPPA, etc.)
Data Center is Only a Piece of the Puzzle
• There are separate risks that need to be considered other than loss of
the data center
What Do We Do While IT is Not Operational?
• Technology recovery does not address or prioritize the business
requirements needed to sustain an organization’s continuing
operational issues after or during a disaster
Enterprises are realizing that each operational unit
needs to take ownership and participate in the planning.
3 Laurus Technologies Confidential

4. Contingency Planning:
Why Plan for an Incident?
To STAY IN BUSINESS
To ensure that your business continues to serve its
stakeholders
To ensure that your business meets its business
objectives
To ensure your enterprise is not critically impacted
by an incident (or disaster)
4 Laurus Technologies Confidential

5. Business Continuity vs.
Disaster Recovery
Business Continuity
Planning (BCP):
Focus is on planning for
recovery strategies that address
continuity of the greater
business under a variety of risk
scenarios, inclusive of the loss
of data center services
Disaster Recovery
Planning (DRP):
Focus is on planning for the
restoration of data center
services (technology recovery)
Disaster Recovery focuses on data center restoration.
Business Continuity centers on maintaining business process.
5 Laurus Technologies Confidential

6. Why are IT Leaders Spearheading these
Efforts?
> Their role is often central to all business
processes
> They have more exposure to contingency
planning than many other departments
because of their natural thought processes
toward data and systems recovery/
redundancy
6 Laurus Technologies Confidential

7. What Happens When Contingency
Planning is Thrown to IT Leadership?
> IT Leadership can determine a strategy in a
vacuum and take a Disaster Recovery (DR)
approach without much analysis of the business
needs
OR
> IT Leadership can involve the business to
determine a comprehensive Business Continuity
(BC) plan and strategy
There is a role for IT Leaders in BCP.
We call this IT-Centric Business Continuity.
7 Laurus Technologies Confidential

8. IT-Centric Business Continuity:
The Middle Ground
Addresses
restoration of
Mission Critical IT
Infrastructure,
LINKED TO …
The Continuation
of Mission
Critical
Processes when
a data center is
lost
8 Laurus Technologies Confidential

9. The Planning Continuum
9 Laurus Technologies Confidential

10. Step 1: Business Objectives
Start with Business Discussions
> Each business is different; identify the stakeholders
(internal business units, customers, shareholders, etc.)
> Are there any overlying principles/regulations in the
organization?
> Meet with business departments; determine what their
needs and objectives are
> What are their mission critical functions?
> RPO/RTO basis for successful solution
IT Leader Role: Provide Systems Lists as a
Basis for Discussion
10 Laurus Technologies Confidential

11. Step 2:
Inventories & Process Mapping
Involve all critical parts of the organization
> Start with systems lists and equipment inventories as a basis of
discussion
> Determine/map key processes for critical business functions
and determine their reliance upon data center services
> Revenue generating processes, those that support revenue
generation, or those that involve compliance initiatives typically
receive priority
> IT, Finance, other primary business units
> Legal - regulatory and contractual obligations
> Help Desk - use patterns, customer expectations
> Each business unit/department uses data differently
IT Leader Role: Facilitate business process
discussions
11 Laurus Technologies Confidential

12. Step 3:
Business Risk & Impact Analysis
What is the impact of critical risks?
> Determine impact in terms of business interruption (number
of days) and in financial terms
> Some analyses are Qualitative (general estimate of loss)
and others Quantitative (analytical measurement of loss)
> The key is getting to consensus around priority of systems,
and realistic recovery requirements so that a contingency
planning strategy can be developed in terms of RTO and
RPO.
IT Leader Role: Facilitate impact analysis
12 Laurus Technologies Confidential

13. Step 4:
Strategy Development
Overall - Avoid Complexity
> Strategy must meet the business criteria
> Business owners often uninterested in technology
> Transparency and clarity for intended audience; speak in terms
of business (restoration of business processes to serve
stakeholder needs)
> At the end of the day, …. this is really about a risk trade-off
between the cost of implementing a mitigation/contingency
strategy vs. the cost of business losses
> Money spent <= potential loss
> What is the right strategy in terms of RTO, RPO, ?
IT Leader Role: Use business requirements to
develop a strategy for IT service restoration.
13 Laurus Technologies Confidential

14. Strategy Development:
(Tends to be biggest Contributor to the Gap)
Know your data
> Don’t replicate too much
> What is actually useful after restoration?
> Don’t miss critical data
> Including supporting data
> Business owns data
> Business owners know the data they need
> Business owners know when they need the data
> Business justifies cost.
14 Laurus Technologies Confidential

15. Strategy Development:
Cost Justification
TCO < cost of downtime/data loss
> Typical solution tens of thousands to millions of dollars
> As RPO & RTO approaches zero, costs grow
exponentially
Figure 2: Disaster Recovery Strategy
Relationship of Time, Risk & Cost
15 Laurus Technologies Confidential

16. Step 5:
Continuity / Recovery Plan Development
The Plan is a living, dynamic process designed to
guide the organization through its recovery and
contingency efforts
This must address:
> Strategy
> People
> Communications
> Policies & Processes
> Data
> Systems, Equipment & Facilities
IT Leader Role: Sponsor the development of the plan;
develop the details of the IT portion of the plan.
16 Laurus Technologies Confidential

17. Step 5:
Continuity / Recovery Plan Development
Communication is key
> Disaster declaration
> Communications with employees, press, customers, vendors,
etc.
> Status updates, milestones, etc.
Standards & Procedural Documentation
> Process owners are required for each business function
> Exercising BC Plan is high stress; increased likelihood of
success if processes are documented & understood
> Develop standards for acceptable restoration
> What are the interim business procedures for operations awaiting
the restoration of their IT services?
Note that Business leaders need to develop their own
procedures.
17 Laurus Technologies Confidential

18. Step 6:
Testing, Audit and Maintenance
Exercise the Strategy & Plan
> Validation is key
> If you haven’t tried it, it won’t work
> If you can’t try it, it’s not a good solution
Account for Changes
> Are the critical business processes, workflows or systems
changing?
> Are the people changing?
> Are the risks and impacts the same?
> Is the strategy out of date?; (capacity for growth; data never
shrinks)
> Is the plan reflective of these dynamics and is it maintained in an
area that itself is safe from a disaster?
18 Laurus Technologies Confidential

19. Result of IT-Centric DR/BC
Disasters Keeping The
IT Infrastructure Averted! Business Running
Laurus Technologies Confidential

20. The Laurus Advantage:
Our Technical & Engineering Team
Consultants & Engineers
Steady and Substantial fill our ranks
Revenue Growth
Technical
Experts
Support
Staff
20 2 2 2 2 2 2 2 2 2
00 001 002 003 004 005 006 007 008 009 Account
Teams
Laurus Technologies invests to build and retain the best
team of consultants and engineers in the industry.
20 Laurus Technologies Confidential

21. Laurus Technologies:
Ta
len
Aligned to meet your needs
IT
tS
olu
Consulting
t
ion
s-
Business
( IT
Applications
Re
- ERP Optimization
cru
- Master Data Services
itin
- SAP & Oracle Consulting
g,
Sta
f fA
Managed Services
ug
me
- e-Mail Hosting - Data Center Outsourcing
nta
- Managed Backup - Managed Security Services
t
ion
- Managed Storage - Remote Infrastructure Management
,C
on
tra
Systems Integration
ct
- Assessment Services - Applications Services
fo
rH
- Integration Services - Datacenter TCO
ire
- Archiving / Data Deduplication - Consolidation & Capacity Planning
)
- Support Services - Virtualization (Server, Desktop & Storage)
- System Architecture & Design - Business Continuity/Disaster Recovery
- PMO Services - Performance Tuning
Laurus Technologies Confidential
Laurus Technologies - Proprietary & Confidential 12/17/2009

22. Questions and Answers
Thank You!
For further information contact:
Steve Susina
ssusina@laurustech.com
1.877.LAURUS.1 (1.877.528.7871)
22 Laurus Technologies Confidential

23. 23 Laurus Technologies Confidential