Download BCP Pasos Para GANTT PDF

TitleBCP Pasos Para GANTT
TagsStrategic Management Business Process Accountability Technology Computing
File Size164.8 KB
Total Pages10
Table of Contents
                            INTRODUCTION
PLANNING SCOPE AND PLAN OBJECTIVES
PROGRAM DESCRIPTION
	Phase 1 - Pre-Planning Activities (Project Initiation)
	Phase 2 - Vulnerability Assessment and General Definition of Requirements
	Phase 3 - Business Impact Assessment (BIA)
	Phase 4 - Detailed Definition of Requirements
	Phase 5 - Plan Development
	Phase 6 - Testing/Exercising Program
	Phase 7 – Plan Maintenance Program
	Phase 8 - Initial Plan Testing and Implementation
PROJECT ORGANIZATION AND STAFFING
	Steering Committee
	Core Project Team
	Suggested Core Project Team Composition
PROJECT CONTROL
SCHEDULE OF DELIVERABLES
RESOURCE REQUIREMENTS
Capital Costs
On-Going Costs
                        
Document Text Contents
Page 1

APFC Disaster Recovery/Business Continuity RFP
Attachment 5

DISASTER RECOVERY PROJECT PLAN


INTRODUCTION ...........................................................................................................2
PLANNING SCOPE AND PLAN OBJECTIVES.............................................................3
PROGRAM DESCRIPTION...........................................................................................4

Phase 1 - Pre-Planning Activities (Project Initiation) ..................................................4
Phase 2 - Vulnerability Assessment and General Definition of Requirements...........5
Phase 3 - Business Impact Assessment (BIA)...........................................................5
Phase 4 - Detailed Definition of Requirements ..........................................................6
Phase 5 - Plan Development .....................................................................................6
Phase 6 - Testing/Exercising Program.......................................................................6
Phase 7 – Plan Maintenance Program ......................................................................6
Phase 8 - Initial Plan Testing and Implementation.....................................................6

PROJECT ORGANIZATION AND STAFFING ..............................................................7
Steering Committee ...................................................................................................7
Core Project Team .....................................................................................................8
Suggested Core Project Team Composition..............................................................8

PROJECT CONTROL ...................................................................................................8
SCHEDULE OF DELIVERABLES .................................................................................8
RESOURCE REQUIREMENTS.....................................................................................9
Capital Costs ...............................................................................................................10
On-Going Costs ...........................................................................................................10



DRP/BCP Project Plan Attachment 5 page 1

Page 2

INTRODUCTION
Disaster recovery planning is not a short-term project, nor is it a project that once
completed, we can forget about. An effective recovery plan is a live recovery plan. The
plan must be maintained current and tested/exercised regularly.
Key elements of a Disaster Recovery Plan include:

• Program Description
• Pre-Planning Activities (Project Initiation)
• Planning Scope and Plan Objectives
• Project Organization and Staffing
• Project Control
• Schedule of Deliverables
• Resource Requirements
• Vulnerability Assessment and General Definition of Requirements
• Business Impact Analysis
• Detailed Definition of Requirements
• Plan Development
• Testing Program
• Maintenance Program
• Initial Plan Testing and Plan Implementation


The primary objective of a Disaster Recovery Plan is to enable our organization to
survive a disaster and to reestablish normal business operations. In order to survive, the
APFC must assure that critical operations can resume normal processing within a
reasonable time frame. Therefore, the goals of the Disaster Recovery Plan should be to:

• Identify weaknesses and implement a disaster prevention program;
• Minimize the duration of a serious disruption to business operations;
• Facilitate effective co-ordination of recovery tasks; and
• Reduce the complexity of the recovery effort.


Historically, the I.T. Section alone has been assigned the responsibility for providing
contingency planning. This can lead to the development of a recovery plan to restore
computer resources in a manner that is not fully responsive to the needs of the APFC
departments supported by those resources. Contingency planning is a business issue
rather than a data processing issue. In today's environment, the effects of long-term
operations outage may have a severe impact. The development of a viable recovery
strategy must, therefore, be a product not only of the I.T. Section, but also the users of
those I.T. services and management personnel who have responsibility for the protection
of the our assets.

DRP/BCP Project Plan Attachment 5 page 2

Page 4

Minimize the duration of a serious disruption to operations and resources (both
information processing and other resources);























Minimize immediate damage and losses;

Establish management succession and emergency powers;

Facilitate effective coordination of recovery tasks;

Reduce the complexity of the recovery effort;

Identify critical lines of business and supporting functions;
Although statistically the probability of a major disaster is remote, the consequences of
an occurrence could be catastrophic, both in terms of operational impact and public
image. Management appreciates the implications of an occurrence; therefore, it should
assign on-going responsibility for recovery planning to in-house staff.

Management must make a decision to undertake a project that satisfies the following
objectives:

Determine the organization’s vulnerability to significant service interruptions in
the Data Center and business facilities, and define preventive measures that may
be taken to minimize the probability and impact of interruptions;

Identify and analyze the economic, service, public image and other implications
of extended service interruptions in the Data Center and other business facilities;

Determine immediate, intermediate and extended-term recovery needs and
resource requirements;

Identify the alternatives and select the most cost effective approaches for
providing backup operations capability and timely service restoration; and

Develop and implement contingency plans that address both immediate and
longer-term needs for the Data Center and other business facilities.

PROGRAM DESCRIPTION
Since recovery planning is a very complex process, it requires redirection of valuable
technical staff and information processing resources as well as appropriate funding. In
order to minimize the impact such an undertaking would have on scarce resources, the
project for the development and implementation of disaster recovery and business
resumption plans should be part of the APFC’s normal planning activities.
The proposed project methodology consists of eight separate phases, as described
below.

Phase 1 - Pre-Planning Activities (Project Initiation)
Phase 1 is used to obtain an understanding of the existing and projected computing
environment and business processes of the organization. This enables the project team
to: refine the scope of the project and the associated work program; develop project
schedules; and identify and address any issues that could have an impact on the
delivery and the success of the project.

DRP/BCP Project Plan Attachment 5 page 4

Page 5

During this phase a Steering Committee should be established. The committee should
have the overall responsibility for providing direction and guidance to the Project Team.
The committee should also make all decisions related to the recovery planning effort.
The Project Manager should work with the Steering Committee in finalizing the detailed
work plan and developing interview schedules for conducting the Security Assessment
and the Business Impact Assessment.
Two other key deliverables of this phase are: the development of a policy to support the
recovery programs; and an awareness program to educate management and senior
individuals who will be required to participate in the project.

Phase 2 - Vulnerability Assessment and General Definition of
Requirements
Security and control within an organization is a continuing concern. It is preferable, from
an economic and business strategy perspective, to concentrate on activities that have
the effect of reducing the possibility of disaster occurrence, rather than concentrating
primarily on minimizing impact of an actual disaster. This phase addresses measures to
reduce the probability of occurrence.
This phase will include the following key tasks:

• A thorough Security Assessment of the computing and communications
environment including personnel practices; physical security; operating
procedures; backup and contingency planning; systems development and
maintenance; database security; data and voice communications security;
systems and access control software security; insurance; security planning and
administration; application controls; and personal computers.

• The Security Assessment will enable the project team to improve any existing
emergency plans and disaster prevention measures and to implement required
emergency plans and disaster prevention measures where none exist.

• Present findings and recommendations resulting from the activities of the
Security Assessment to the Steering Committee so that corrective actions can be
initiated in a timely manner.

• Define the scope of the planning effort.
• Analyze, recommend and purchase recovery planning and maintenance software

required to support the development of the plans and to keep the plans current
following implementation.

• Develop a Plan Framework.

• Assemble Project Team and conduct awareness sessions.

Phase 3 - Business Impact Assessment (BIA)
The project team conducts a Business Impact Assessment (BIA) of all business units
(I.T., Investments, Finance, Admin/Operations, Communications, Executive Director and
Board of Trustees) that are part of the APFC. This enables the project team to: identify
critical systems, processes and functions; identify and assess current/proposed backup
procedures and workarounds for these critical processes, assess the economic impact
of incidents and disasters that result in a denial of access to systems services and other

DRP/BCP Project Plan Attachment 5 page 5

Page 6

services and facilities; and assess the "pain threshold," that is, the length of time
business units can survive without access to systems, services and facilities.
The BIA Report should be presented to the Steering Committee. This report identifies
critical service functions and the timeframes in which they must be recovered after
interruption. The BIA Report should then be used as a basis for identifying systems and
resources required to support the critical services provided by information processing
and other services and facilities.


Phase 4 - Detailed Definition of Requirements
During this phase, a profile of recovery requirements to support the critical functions
identified in Phase 3 is developed. This profile is to be used as a basis for analyzing
alternative recovery strategies and solutions. The recovery requirements profile should
include hardware (servers, firewalls, data and voice communications and personal
computers), software (vendor-supplied, in-house developed, etc.), documentation (I.T.,
user, procedures), outside support (public networks, I.T. services, etc.), facilities (office
space, office equipment, etc.) and personnel for each business unit. Recovery
Strategies will be based on short term, intermediate term and long-term outages.
Another key deliverable of this phase is the definition of the plan scope, objectives and
assumptions.


Phase 5 - Plan Development
During this phase, recovery plan components are defined and plans are documented.
This phase also includes the implementation of changes to user procedures, upgrading
of existing data processing operating procedures required to support selected recovery
strategies and alternatives, and the definition of Recovery Teams, their roles and
responsibilities. Recovery standards are also to be developed during this phase.

Phase 6 - Testing/Exercising Program
The plan Testing/Exercising Program is developed during this phase. Testing/exercising
goals are established and alternative testing strategies are evaluated. Testing strategies
tailored to the working environment should be selected, and an on-going testing program
should be established.

Phase 7 – Plan Maintenance Program
Maintenance of the plans is critical to the success of an actual recovery. The plans must
reflect changes to the environments and business processes that are supported by the
plans. It is critical that existing change management processes are revised to take
recovery plan maintenance into account. In areas where change management does not
exist, change management procedures will be recommended and implemented. Many
recovery software products take this requirement into account.

Phase 8 - Initial Plan Testing and Implementation
Once plans are developed, initial tests of the plans are conducted and any necessary
modifications to the plans are made based on an analysis of the test results.

DRP/BCP Project Plan Attachment 5 page 6

Similer Documents