Operational Recovery Planning - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Operational Recovery Planning

Description:

Definition from Disaster Recovery ... Recovery Procedures Data Center Services Resource Requirements Assignment of Responsibility Contact Information Testing ... – PowerPoint PPT presentation

Number of Views:116
Avg rating:3.0/5.0
Slides: 20
Provided by: ROSAU5
Learn more at: https://w3.calema.ca.gov
Category:

less

Transcript and Presenter's Notes

Title: Operational Recovery Planning


1
Operational Recovery Planning
  • Presented by the California State Information
    Security Office

2
State Information Security Office
  • Vision
  • Leading the way to secure the State's
    information assets.
  • Mission
  • To manage security and operational recovery
    risk for the State's information assets by
    providing statewide direction and leadership.

3
Definitions
  • Emergency Response
  • Business Continuity Planning (BCP)
  • Operational Recovery Planning (ORP)
  • Continuity of Operations (COOP)
  • Continuity of Government (COG)

4
Emergency Response
  • The immediate reaction and response to an
    emergency situation commonly focusing on ensuring
    life safety and reducing the severity of the
    incident.
  • Definition from Disaster Recovery Journal (DRI)
    website at http//www.drj.com/glossary/

5
Business Continuity Planning (BCP)
  • Process of developing and documenting
    arrangements and procedures that enable an
    organization to respond to an event that lasts
    for an unacceptable period of time and return to
    performing its critical functions after an
    interruption.
  • Similar terms  business resumption plan,
    continuity plan, contingency plan, disaster
    recovery plan, recovery plan.
  • Definition from Disaster Recovery Journal (DRI)
    website at http//www.drj.com/glossary/

6
Operational Recovery Planning (ORP)
  • DISASTER RECOVERY PLAN (also known as -
    Operational Recovery Plan) 
  • The management approved document that defines
    the resources, actions, tasks and data required
    to manage the technology recovery effort. 
    Usually refers to the technology recovery
    effort.  This is a component of the Business
    Continuity Management Program. 
  • Definition from Disaster Recovery Journal (DRI)
    website at http//www.drj.com/glossary/

7
Continuity of Operations (COOP)
  • Continuity of Operations (COOP) The activities
    of individual departments and agencies and their
    sub-components to ensure that their essential
    functions are continued under all circumstances.
    This includes plans and procedures that delineate
    essential functions specify succession to office
    and the emergency delegation of authority
    provide for the safekeeping of vital records and
    databases identify alternate operating
    facilities provide for interoperable
    communications and validate the capability
    through tests, training, and exercises.
  • Office of Emergency Services (OES)

8
Continuity of Government (COG)
  • The preservation, maintenance, or reconstitution
    of the institution of government. It is the
    ability to carry out an organizations
    constitutional responsibilities. This is
    accomplished through succession of leadership,
    the pre-delegation of emergency authority and
    active command and control.
  • Office of Emergency Services (OES)

9
Relationship of Plans
10
Inter-Dependencies
11
Three Phases of Continuity
Departments
Emergency Response - Life Safety First 72 Hours
IT Operational Recovery up to 30 days
Restoration Business back to normal
Planning, Documenting, Testing, and Training
Business Recovery up to 30 days
Damage Assessment First 72 hours
Phase I
Phase II
Phase III
12
IMPLEMENTATION OF PLANS
  • Disruption of business occurs and you are
    informed, next steps
  • 1. Emergency Response safety and
  • security of staff.
  • 2. Securing the site.
  • 3. Activate COOP/COG Plan to ensure the
    continuation of essential functions.
  • 4. Implementation of the communication plan.
  • 5. After assessing incident, determine if
    implementation of BCP ORP is required.
  • 6. Contact SISO to report incident.
  • 7. Implement BCP and ORP

13
Strategies of Implementation
  • Business Continuity and Operational Recovery
    Plans should be invoked when there is an
  • Incident that affects an essential business
    function that exceeds the maximum allowable
    outage (MAO). For example
  • System Availability major virus infection
    requiring systems or applications to be shut down
    (denial of service).
  • Communication disruption connection with DTS is
    disrupted.
  • Fire, flood, or other natural or man-made
    catastrophe that disrupts your essential business
    functions.

14
ORP Documentation Revised
  • Components to be included in the ORP were updated
    in January 2007
  • The changes must be included in the ORPs filed
    with the SISO beginning in October 2007.
  • Training classes have been scheduled on the
    changes made to the ORP.

15
New Requirements
  • ORPs must describe
  • Agency Administrative Information
  • Critical Business Functions/Applications
  • Recovery Strategy
  • Backup and Offsite Storage Procedures
  • Operational Recovery Procedures
  • Data Center Services
  • Resource Requirements
  • Assignment of Responsibility
  • Contact Information
  • Testing

16
Supplemental Requirements
  • Agencies that have not developed and implemented
    a full business continuity plan or COOP/COG must
    also address and include the following in their
    plan
  • Damage Recognition and Assessment
  • Mobilization of Personnel
  • Primary Site Restoration and Relocation

17
State IT Strategic Plan Action Item
  • To align the ORP and COOP/COG, a work group has
    been established to
  • review processes
  • define terminology
  • evaluate reporting requirements

18
Resources
  • SISO web site http//www.infosecurity.ca.gov/ORP/
  • Budget Letter 07-03 ORP Policy Changes
  • http//www.dof.ca.gov/OTROS/StatewideIT/IT_BdgtLtt
    rs.asp
  • ORP SIMM 65A http//www.infosecurity.ca.gov/Pol
    icy/
  • ORP Training Schedule
  • http//www.infosecurity.ca.gov/Training/

19
Contact Us
  • Rosa.Umbach_at_dof.ca.gov
  • (916) 445-1777 ext 3242
  • SISO Office
  • email security_at_dof.ca.gov
  • Telephone (916) 445-5239
  • www.infosecurity.ca.gov
Write a Comment
User Comments (0)
About PowerShow.com