Samit Roy, President, SciCom Infrastructure Services, Inc

Click here to load reader

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Samit Roy, President, SciCom Infrastructure Services, Inc

Configure to fit PresentationSeptember 21, 2006
Geo - Political - Biological -Technological uncertainties in today’s world
But similar threats were always present in the past, then why is it an issue today?
Quantifying the effect of Disaster
RPO is the point in time that marks the end of the period during which data can still be recovered using backups, journals
RTO defines how quickly information systems, services and processes must be operational following some kind of incident including recovery of applications and data
Resume Business
The following parameters are used to quantify the magnitude of the loss to businesses because of disaster
There were less number of agencies to interact
Mostly paper based or Mainframe stored data
< 1990’s
Information Sharing
Limited Business Scenarios
Technology: Client Server Computing
< 1990’s
Disaster Recovery is a technology recovery often conducted in “reactive mode”
Today Government’s responsibility and responsiveness to the Society has increased
Justice needs has changed based on increase in population, immigration, socio-economic changes, changing demographics
Accuracy, Timeliness, reliability of Justice System rests on Inter-Agency dependence and Integrated Systems
Any disruption in any part of the Justice System will interfere with the overall justice process and thus affect the services to the Citizens
> 2000’s
Services Inf. System
Dept of Welfare
7. Charging Document
Possible Disruptions
Services Inf. System
Dept of Welfare
7. Charging Document
Bomb explosion in Court House
Precinct is flooded because of Water Main burst, Hurricane etc
911 Center is infected by biological agents
Electrical grid failure
The following are typical disasters that may disrupt the prosecution of the convict
Employee has lost the file folder containing the “Sentence Report”
The “Court Information System” is corrupted
Backup tape was stolen during the transport
Jail is infected with pandemic influenza
Fire has burned down the Records Retention Center
“Cyber crime” has broken security and altered criminal records
Restoring a Server from backup will not suffice
We need to think about the whole Integrated Justice Process
We need to plan for Disaster with every possible scenarios
Business Continuity
Business continuity goes beyond disaster recovery to ensure the continued availability of essential services, programs, and operations in the event of unexpected interruptions. Business continuity addresses enterprise-level and end-to-end solutions, from design and planning to implementation and management, with a focus on urgency
Business continuity must be approached holistically, including supporting process management interdependent with availability and security, to manage operational risk effectively. Business Continuity Management is not just a job for your IT team - it is an operational issue.
A team effort is required to develop comprehensive plans for critical operations including not just computing processes but also operational, building systems, suppliers, and other processes. Organizations should also consider long-term operations:
What can they do with their displaced workers?
How do they communicate with other stakeholders and partners?
How can we get the job done without our existing support network?
What is Business Continuity?
By taking a holistic approach to business continuity service and evaluating the solution from an IT and a business level both internally and externally, organizations ensure business is always available, performing and secure.
for the Justice Organization
Business Continuity Plan - Basics
Build the business continuity awareness, plans and strategies as a part of the enterprise culture
Business continuity planning is evolutionary. Maintenance of the plan and events experienced will necessitate revisions and/or additions of plans
The Business Continuity Planning methodology is basically one. However consultants and vendors twists it in different ways to sell their uniqueness
The Business Continuity Planning should basically be driven by the inside organization and not the vendor
Source: ASIS International
Objective: Address the preparatory steps required to provide a strong foundation on which to build BCP.
Planning Team
Communicate BCP
Conduct Business Impact Analysis
Determine RPO and RTO
Agree on Strategic Plans – Agreeable, Attainable, Probable, Verifiable and Cost Effective
Crisis Management and response team Development
Source: ASIS International
Objective: Address those areas where good planning will allow an organization to avoid, prevent or limit the impact of a crisis occurring
Source: ASIS International
Objective: Develop the steps that will be required to respond effectively, appropriately, and timely should a crisis occur
Notify the Teams
Parameters for Notification
Types of Notification
Assess the Situation
Declare a Crisis
Communications – Audiences, Call Center, Media
Source: ASIS International
Alternate Worksites, Secondary Data Centers
Offsite Storage
Recovery and Resumption
Objective: Develop policies, procedures and plans to bring the organization out of crisis, recover/resume critical processes and finally return to normal operations
Resumption of Critical and Remaining Processes
Process Resumption Prioritization
Test and Train
Objective: Train and educate team members as well as general employee population, and validate and embrace the BCP
Test the BCP
Benefits of Testing
Goals and Expectations
Planning and Development
Source: ASIS International
Evaluate and Maintain
Objective: Keep the BCP relevant to the Organization using a rigorous maintenance and evaluation programs
Develop BCP Maintenance Schedule: Following are examples of procedures, systems, processes that may affect the BCP
System and Application software changes
Changes to the organization and its business processes
Critical lessons learned in testing
Change to external environment
Status as of end of Yr 2005
A Gap Analysis was performed using a set of 25 questions that reflect the industry standard for a comprehensive BCP program
Result: Based on the study, it was estimated that the BCP practices, processes and infrastructure are operating at a maturity level of 35%
County operated in NT domain, with a security rating of 2.0 compared to Federal guidelines of 8.0 in a scale of 0 to 10
County operated under individual departmental budget creating isolated IS operations, multiple servers and storages, lack of policies and overall fragmented IT management
County operated under multiple operating systems (six OS), older versions of applications with minimum data validations
Multiple departments depended on single employee knowledge both in business processes and applications knowledge
Absence of awareness across the departments regarding recovery processes, BCP, security and depended on reactive responses in case of any business disruptions
Immediate plans were developed to upgrade computing environments
Applications upgrades for Court Systems – Banner
Application upgrade for PeopleSoft Payroll System
Hardware upgrade for Kronos clocks for time recording
Design and implementation of Active Directory and migration to Windows 2003
Clustering firewall and enhancing security servers
Clustering Email Exchange and implementing archiving technology
Consolidation of Servers
AIX (Unix) Servers was reduced from 11 to 1 enterprise class P590 Server
Introduced failover mechanism for enterprise applications
Consolidated storage into DS 8100
Windows Servers are being reduced from 160 to 15 as follows
Implementing SQL Cluster
Issues impending BCP
Currently the systems are isolated based on departmental needs and legacy
Most of the file servers, SQL Server based systems are configured into one machine with no failover, no disaster recovery mechanism
Multiple storage devices, locations will be a challenge to move into a consolidated DR mechanism
Multiple tape devices and tape storage locations is a challenge to recover in case of emergency
County IS
Consolidation of Computing Resources
Currently the systems are isolated based on departmental needs and legacy
Callaway Bldg
West Exchange
High powered Planning Committee has been formed
Currently “Readiness” phase of BCP is in process