BUSINESS RESILIENCE SERVICES FROM GBM
Pappu Rao, Director, Technology Services
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
agenda
Slide 2
1 2
Why Business Resilience What is GBM’s Business Resilience Portfolio
2
3
How do we address the Challenges?
4
Next Steps
IBM Disaster Recovery Services – work area recovery | November 2008
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 3
WHY BUSINESS RESILIENCE
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
No one plans to fail, people just fail to plan
ORBIT速 Business Continuity Management System
4
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Does my company need a BCM Program?
5
Anything that can possibly go wrong, does.
Prepare for the worst don’t and hope for the best. Planning for the Unexpected
The real risk
Last but not the least
ORBITÂŽ Business Continuity Management System
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Drivers for Business Continuity
6
Survival Continuous availability of business Retain Credibility Safeguard customer relationships Differentiate from competition Ensure safety and security of employees Compliance to regulatory requirements ORBIT® Business Continuity Management System
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 7
What is BCM? Business Continuity Management is a holistic ‌
‌management process that identifies potential impacts that threaten an organization and provides a framework for building a resilient response strategy that safeguards the interests of the organization.
7
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 8
Core Elements of Business Continuity
Crisis Management
Mission critical activities and RTOs Recovery strategy
Recovery teams
People (Employees / clients) Facilities Communications (external / internal)
IT Infrastructure
Business Resumption plans
IT Disaster Recovery
Applications
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
BCM Plans
Slide 9
Business continuity plan (BCP) – A detailed plan concerning the relevant and necessary steps to be taken by the business to continue its operations, often at a different, alternative location. Crisis management plan (CMP) – a high level organizational plan that includes when the CMP will be invoked and by whom, names and contact details of the crisis team members, their roles and responsibilities, contact details of relevant parties, and relationship with the underlying BCP. Disaster recovery plan (DRP) – detailed plan concerning the recovery, restoration and resumption of IT functions, often at a secondary site. Emergency response plan (ERP) – detailed plan concerning the immediate response to a disaster and subsequent evacuation of people from a building, plant or site.
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 10
THE BUSINESS RESILIENCE PORTFOLIO FROM GBM
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 11
GBM Portfolio - BCDR Solutions
Consulting Services Governance, Disaster Risk and Recovery Compliance Management Solutions
Data Protection Solutions
Managed DR Services
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
BCDR Offerings Portfolio Structure
Slide 12
Service
Focus Area
Service Summary
GBM Resiliency Consulting Services
BCP Consulting
Identify, quantify and prioritize business and IT risks, then develop strategies to address them, support in building architectures to minimize business risks
IT DR Consulting
Evaluate vulnerabilities, prioritize and quantify the risks for systems supporting critical business functions, develop and implement strategies to mitigate them
GBM Governance, Business Continuity Risk and Program Compliance Management
Comprehensive solution to manage the Business Continuity Management Program within the organization.
GBM IT DR Management & Data Protection
IT DR Management
Provides visibility, simplicity, scalability, enable ease of testing and DR drills, supports Audit and Compliance requirements through reports
Data Protection
Vendor agnostic recoverability, provides real time byte level data protection, with comprehensive recovery across the stack and achieving high DR SLA’s.
GBM Managed DR Managed DR services
24/7 Monitoring, Event Management, Scheduled DR Drills, On-going operations, ITIL Process based services START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 13
GBM Consulting Services
Business Process Analysis
DR Drill and Maintenance Services
Risk Assessment
BCM Program Management
Business Impact Analysis
Implementation Services
Design Recovery Strategy
Documentation of inter-linkages between critical business processes. Risk Assessment Report BIA Report defining RPO/RTO and priorities Recovery Strategy Document HLD & LLD for the Solution Run-book for the implemented solution DR Drill Report and Availability Reports
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Automated vs Traditional approach Automated • WEB (Internet/Intranet) access • Documents automatically compiled by the application • Full Data Base integration for legacy data • No duplicated data entry • Decentralized approach with Process Owner involvement • Single application for BIA, BCP, DR, Crisis, Test, Incident Management and Audit • Mobile access to Business Continuity Planning infrastructure
Traditional • Based on “Document Management” approach • Office suite to produce documents and lists • No Data Base integration with legacy sources • Heavy centralized management • Process owner involved only for BIA interviews • BC awareness issue • BC maintenance based on documents periodical review
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
15
Why ORBIT速
BUSINESS CONTINUITY MANAGEMENT
Business Continuity Planning
Risk Assessment
Incident Management
Emergency Management
ORBIT速 Business Continuity Management System
Crisis Management
Disaster Recovery Planning
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
16
What is ORBIT® BIA
BCP
Processes Organizational Units Services
Crisis scenarios
Business Continuity Plan
User profiling
Associations and Impacts
Threats and vulnerability
OPTIONAL MODULES
Resources CMDB Employees External personnel Sites Places Instruments Suppliers Vital records Infrastructures IT Etc.
RISK ASSESSMENT
Test plan Crisis management •Call Trees •Emergency and continuity plans •Emergency procedures •Resources •Third parties •Etc.
Incident management
Historical data mgmt Audit
ORBIT® Business Continuity Management System
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Key Modules of the Solution
Slide 17
Key Modules include:
Business Impact Analysis Incident Discovery & Management Business Continuity Management Crisis Management Communication Management Risk Assessment Test Management Emergency Management
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
ORBIT - Customer experience UNICREDIT The Company
Numbers (January 2012):
• Third largest Bank in Europe (7,000 branches all over Europe) • More than 40 different Banking legal entities in more than 10 countries • Several data centers with diversified technologies • Multi-countries Business Processes • Payments • Treasury • Finance • Etc.
• 500 Legal Entities • 35.000 Organizational Units • 9.000 operational sites (HQs and Branches) • 8.400 IT Applications • 125.000 employees • 30.000 employees of this list are identified as critical human resources • 150 outsources and suppliers
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
ORBIT - Customer experience UNICREDIT The problem • Each legal entity had his own Business Continuity Plan • No IT Disaster Recovery Integration • Very high BCP obsolescence due maintenance complexity • Lack of BC Governance at Group Level • Lack of communications in case of crisis • BC Testing and exercising not effective
The solutions: ORBIT Adoption • Creation of an homogenous and centralized Business Continuity Governance • Fully and dynamic integration between ITDR and BCP • BCP Maintenance automatically granted through the ORBIT features • Enhanced Crisis Communications with the integration of ORBIT with the company communications systems • BC Testing and Exercising phases easily conducted and audited
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Key IT Disaster Recovery Management Challenges
Slide 20
1. DR Health- Are all the components available? 2. DR Readiness – Am I able to achieve defined RPO, especially for 2-way DR? 3. Time to bring up app – How long will it take to bring app online? 4. DR testing – Can I check my DR readiness using DR drills? 5. Quick recovery – Can I use my DR for quick App recovery?
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 21
Key Parameters of DR Management
Visibility -
Simplicity & Scalability -
-
Recover Multiple Applications simultaneously Achieve low RPO/RTO Add new applications on the fly
Visibility
Simplicity
Scalability
Testability
Testability -
-
Monitor RPO, RTO, Replication, Alerts
DRM framework acts as a central repository of DR Plans Re-Configure, Execute, Monitor, Report and Validate Test single application or all applications simultaneously
Audit-ability / Compliances -
Reports on Replication, RPO, RTO, DR Test Execution Validate DR Plans and report on deviations using pre-checks
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 22
IT-Disaster Recovery Management
Deploy best practice DR workflows
Audit Reporting Automated Failover Recovery
Real-time RPO & RTO visibility
Configuration gap validation
DR Drill Plan / START LOADING THE FUTURE Execution with the Leading Provider of IT Business Solutions in the GCC
Slide 23
Dashboard / Reports
Central dashboard view of critical application’s recovery readiness
Recovery health monitoring & Exception reporting and policy driven actions
Real-time RPO monitoring & deviation alert Replication monitoring – relate replication lag to application recovery
Identify incompatibilities between primary & DR – passwords are different START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Banking Success Story – HDFC Bank • HDFC Bank is one of India’s largest financial institution with a network of 1500 branches and over 3000 ATMs over 530 cities throughout India • The bank required a DR plan to recover within business set objectives and provide seamless transition to over 25,000 end users • The application environment is a heterogeneous mix of Unix and Windows platforms, SAN based storage and three tier application architecture
Business Benefits of deploying Sanovi DRM Productivity
Operational Efficiency
• Over 85% reduction in application failover time • 75% reduction in the time required for DR drill preparation and testing
• Automated hourly reports & alerts on SLA & DR health • Five times increase in number of DR solution with no increase in staff
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
GBM Data Protection Portfolio
Slide 25
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 26
Managed DR Services
Real-time monitoring of the entire DR infrastructure Real-time monitoring of the data replication to ensure synchronized data Role-Swap activity on a periodic basis Selective or complete DR drill Testing and Management 24/7 ITIL based Service Desk for Incident Management Backup and Restore Management Release Management to ensure up-to-date IT Infrastructure On-going governance of Service Levels 24/7 Dedicated IT team specialized in DR Operations Upon declared disaster - GBM Service Desk will become the de-facto Command Centre for all communications - Invocation of Work Area Recovery - Execute mutually agreed steps to ensure availability of infrastructure including networks, 3rd party service providers (Reuters, payment gateways etc) and applications
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Data Center and Work Area Recovery Locations
Slide 27
Data Centres UAE – Dubai (Datamena and Emaar) Switzerland, Geneva Turkey, Istanbul United Kingdom, London Work Area Recovery UK – Multiple locations UAE – Dubai
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 28
Datamena
DE-CIX Internet Exchange is hosted in Datamena
Local and regional Access
Co-location operated in partnership with Equinix
International connectivity
IP Transit
28
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 29
GBM and Datamena GBM System Integrator / Managed Services Provider Enterprise Systems
Middleware and Messaging Back-End Applications Operating Systems
Local Security IT DR 24/7 Frame Services Service work Desk
Infrastructure (NW/Servers/Storage
Co-location
Bandwidth Services
Datamena
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 30
HOW DO WE ADDRESS THESE CHALLENGES
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 31
Typical Maturity Curve for BCDR
Level 5 Level 4
Level 3 Level 2 Level 1 • Ad hoc. Undocumented; in a state of dynamic change; depends on individual heroics
• Preliminary. Risk defined in different ways and managed in silos. Process discipline is unlikely to be rigorous.
• Defined. A common risk assessment/respo nse framework is in place. Organization-wide view of risk is provided to executive leadership. Action plans implemented in response to high priority risks.
• Integrated. Risk management activities coordinated across business areas. Common risk management tools and processes used where appropriate, with enterprise-wide risk monitoring, measurement and reporting. Alternative responses analyzed with scenario planning. Process metrics in place.
• Optimized. Risk discussion is embedded in strategic planning, capital allocation, and other processes and in daily decision-making. Early warning system to notify board and management to risks above established thresholds.
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Client Challenges and GBM Solution Map Client Challenges -
-
Application Islands Complex Recovery Process Regulatory compliance Specific Service recovery challenge Critical Resource Dependency Allocation of skills for DR Drill High Downtime requirements Constant changes in organization BC / DR plans not current Integration of plans from different units Data Consistency and Protection across application stack
GBM DRM Solution -
-
Integrated workflow automation Seamless one button recovery Ease of performing drills with comprehensive reporting Can recovery one or a group of applications / service Automated Recovery / DR Drills Considerably reduces the downtime requirements for Drills
GBM GRC Solution -
Slide 32
Centralized repository of Inventory and plans Integration with Processes and systems
GBM Data Protection -
Byte Level data protection Vendor Agnostic replication Quick and easy recovery
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Next Steps
Slide 33
A Two – day assessment Workshop which covers - Identify where you are in the BCDR Maturity Model - Identify critical pain points - Help you prioritize these pain areas - Agree on a approach to address these pain areas
Leading to a report which states the above Session to share the contents of the Workshop assessment report
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Slide 34
Thank You for your attention
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Level 1 Client propositions Challenges Definition: Ad hoc. Undocumented; in a state of dynamic change; depends on individual heroics Lack of skills in the area of Business Continuity Inadequate controls implemented Data Protection not articulated
Offerings Consulting offering starting with a BIA & Risk Assessment - Business Process Mapping - Identification of Critical Processes / Applications for the organization - Risk Assessment - Help is articulating the RPO / RTO / NRO / MTPoD
Recovery Strategy development First Level BC / DR Plan Consulting for Backup Policy Backup on cloud offering Off-site tape Relocation START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Level 2 Client propositions Challenges Definition: Preliminary. Risk defined in different ways and managed in silos. Process discipline is unlikely to be rigorous. Do not have dedicated BC / DR Executive or Manager Different solutions for different departments may exist Lack of coordination from a Risk Management point of view No clear view of overall recovery objectives
Offerings Consulting offerings like BIA, Recovery Strategy, Risk Assessment, Business Continuity Plan, Disaster Recovery Plan etc Review of currently implemented solutions and plan for integration. Support in building a Risk Response / Business Continuity Frame work DR Replication Solutions HA Solutions Backup solutions Off-site Tape Solutions Work Area Recovery Options START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Level 3 & 4 Client Propositions Challenges Definition: Defined. A common risk assessment/response framework is in place. Organization-wide view of risk is provided to executive leadership. Action plans implemented in response to high priority risks. Multiple Solutions leading to management challenges DR Drill planning challenges Non-effective DR Drill calender’s DR/ BC Plan not tested effectively
Offerings Consulting Offerings DR Implementation solutions DR hosting solutions DR Assessment Solution DR Monitoring / Management solution Planning tool solutions Backup Cloud Solution DR cloud solutions Off-site Tape storage solutions Work Area Recovery Solution Managed DR Solutions START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC
Products which can be positioned for Level 5 client
Sanovi DRM offering Orbit Solution for BCM Consulting Offering for upkeep of plans and DR Drills On-site BC/DR Manager Outsourced (out tasking) Shared BC/ DR Manager (Consulting identified consultant with defined number of days per month) Managed DR Offering Replication Solutions for any additional elements added in the infrastructure Change Management monitoring solutions Notification and Emergency Management solutions
START LOADING THE FUTURE with the Leading Provider of IT Business Solutions in the GCC