Understanding and Mitigating IT Risk - AFPC Calgary

Understanding and Mitigating IT

RiskDisaster Recovery Case

Fortress Technology Planners

- Jonathan Nituch -

- Joseph Gillis -

Agenda

1. Five Roots of IT Risk

2. Disaster Recovery

Source: http://emphasysbrokeroffice.com/files/2013/04/Standish-Group-CHAOS-Summary-2009.pdf

0%

10%

20%

30%

40%

50%

Failed Troubled Succeeded

IT Project Results

HIGHLYUNCERTAIN

is

Rate of Change

Source: http://download.intel.com/pressroom/images/events/moores_law_40th/Microprocessor_Chart.jpg

Immaturity of IT

Communication

ITProfessional

BusinessProfessional

Economically Tied

Source: http://www.nasdaq.com/symbol/ndxt/stock-chart?intraday=off&timeframe=7y&splits=off&earnings=off&movingaverage=None&lowerstudy=volume&comparison=off&index=&drilldown=off

Technology

Accounting

Operations

Sales

Marketing

Human Resources

Supply Chain

Technology

Technology

Accounting

Operations

Sales

Marketing

Human Resources

Supply Chain

Operations

is a

PLAN

YOU NEED

What

Disaster Recovery Plan (DRP)

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.

Source http://en.wikipedia.org/wiki/Disaster_recovery_plan http://en.wikipedia.org/wiki/File:East_Village_Calgary_Flood_2013.jpg

Steps to Create a DRP

1. Identify IT Capabilities/Services

2. Identify Business Impacts of Disasters

3. Determine:

– Budget

– Recovery Point Objective (RPO)

– Recovery Time Objective (RTO)

4. Choose Solutions

Identify IT Capabilities/ServicesMajor Service Detailed Services

Email • Desktop client• Webmail• Mobile devices

File System • Local access• Remote access

Printing • Local access• Remote access

Production Applications • Applications involved with delivering your product or service

Supporting Applications • Accounting• Finance• Human Resources• Payroll

Supporting IT Services • Backups• Antivirus• Security

Identify Business Impacts of Disasters

Facility Normal

Facility Inaccessible

Facility Damaged

Equipment Inaccessible

Equipment Damaged

Determine Budget/RPO/RTO

Budget

Recovery Point Objective

Recovery Time

Objective

Determine Recovery Point

Objective (RPO)

It is the maximum tolerable period in which data might be lost from an IT service due to a major incident.

Source http://en.wikipedia.org/wiki/Recovery_point_objective

DISASTER

RPO

Determine Recovery Time

Objective (RTO)

The recovery time objective is the time within which a business process must be restored, after a disaster has occurred.

Source http://en.wikipedia.org/wiki/Disaster_recovery_plan

DISASTER

RTO

SERVICE RESTORED

Choosing Solutions

Budget

Recovery Point Objective

Recovery Time

Objective

Summary

• There are five roots of IT risk:1. Rate of Change2. Immaturity of IT3. Communication4. Economically Tied5. Integration

• Creating a Disaster Recovery Plan1. Identify IT Capabilities/Services2. Identify Business Impacts of Disasters3. Determine Budget/Recovery Point Objective

(RPO)/Recovery Time Objective (RTO)4. Choose Solutions

Questions???

THANK YOU

Free Whitepaper

www.ftpinc.ca/AFPC-Calgary