This research note is restricted to the personal use of Aristotle Castro ([email protected]). Research Roundup: Business Continuity Management and IT Disaster Recovery Management, 2Q12 30 August 2012 | ID:G00237631 Roberta J. Witty Business continuity management and IT disaster recovery management are cross- disciplinary topics that must be addressed by managers in multiple corporate roles. Gartner's research Roundup provides business and IT leaders with guidance to keep up with the important BCM practices and latest trends. Analysis In this climate of almost unprecedented uncertainty and risk, business and IT leaders, and many other enterprise stakeholders, have urgent questions — reflected in Gartner client inquiries — about these crucial practices and the tools, technologies and processes that enable them. Gartner has a comprehensive body of research into business continuity management (BCM) and IT disaster recovery management (IT DRM), offering strategic insight, as well as tactical guidance, in virtually every area of these fields. The research is designed to enable enterprises of every size, type and industry to ensure true business resiliency during and after even the most traumatic crisis. This Roundup — an update from "Research Roundup: Business Continuity Management and IT Disaster Recovery Management, 4Q11 " — provides a guide to all of our research from the past several years, including the most recent, important and foundational research on BCM and IT DRM, including reports regarding special events such as the 2012 Gartner Security and Risk Management Survey, the March 2011 Japan earthquake/tsunami, the 2009 bushfire in Australia, Case Studies, Cool Vendors reports, Hype Cycles, Magic Quadrants, MarketScopes, Predicts reports and Toolkits. Use the advice to select, implement, improve, mature and optimize your BCM and IT DRM programs and solutions (see Note 1 and Note 2). To make the research easy to find, we continue to modify the organization of the Roundup reports. In this 2Q12 Roundup, we organized and numbered the research into eight categories: BCM foundational research Gartner-branded research such as Cool Vendors, Hype Cycles, Magic Quadrants and MarketScopes, Predicts, survey reports, and SWOT (strength, weakness, opportunity and threat) analyses (we only report the past three years, because branded research is typically more time-specific than other research) BCM Event-based research (the 2011 Fukushima earthquake/tsunami, 2009 Australian bushfire, Hurricane Katrina and all pandemic planning research) IT DRM Print Document http://my.gartner.com/portal/server.pt/gateway/PTARGS_0_24... 1 of 21 9/23/12 4:11 PM
21
Embed
Research roundup business continuity management and it disaster recovery management 2 q12
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
This research note is restricted to the personal use of Aristotle Castro ([email protected]).
Research Roundup: Business ContinuityManagement and IT Disaster RecoveryManagement, 2Q1230 August 2012 | ID:G00237631
Roberta J. Witty
Business continuity management and IT disaster recovery management are cross-disciplinary topics that must be addressed by managers in multiple corporate roles.Gartner's research Roundup provides business and IT leaders with guidance to keep upwith the important BCM practices and latest trends.
Analysis
In this climate of almost unprecedented uncertainty and risk, business and IT leaders, andmany other enterprise stakeholders, have urgent questions — reflected in Gartner clientinquiries — about these crucial practices and the tools, technologies and processes thatenable them. Gartner has a comprehensive body of research into business continuitymanagement (BCM) and IT disaster recovery management (IT DRM), offering strategicinsight, as well as tactical guidance, in virtually every area of these fields. The research isdesigned to enable enterprises of every size, type and industry to ensure true businessresiliency during and after even the most traumatic crisis.
This Roundup — an update from "Research Roundup: Business Continuity Managementand IT Disaster Recovery Management, 4Q11" — provides a guide to all of our researchfrom the past several years, including the most recent, important and foundationalresearch on BCM and IT DRM, including reports regarding special events such as the 2012Gartner Security and Risk Management Survey, the March 2011 Japanearthquake/tsunami, the 2009 bushfire in Australia, Case Studies, Cool Vendors reports,Hype Cycles, Magic Quadrants, MarketScopes, Predicts reports and Toolkits. Use the adviceto select, implement, improve, mature and optimize your BCM and IT DRM programs andsolutions (see Note 1 and Note 2).
To make the research easy to find, we continue to modify the organization of the Roundupreports. In this 2Q12 Roundup, we organized and numbered the research into eightcategories:
BCM foundational research
Gartner-branded research such as Cool Vendors, Hype Cycles, Magic Quadrants andMarketScopes, Predicts, survey reports, and SWOT (strength, weakness,opportunity and threat) analyses (we only report the past three years, becausebranded research is typically more time-specific than other research)
BCM
Event-based research (the 2011 Fukushima earthquake/tsunami, 2009 Australianbushfire, Hurricane Katrina and all pandemic planning research)
Vertical industries, and small and midsize businesses (SMBs)
There is some duplication of research references because a piece of research may apply tomore than one subcategory. We have tried to minimize the duplication, but we also wantto ensure that the research is easily found by our clients.
1 BCM Foundational Research
1.1 Read First
"Agenda for Security and Risk Management, 2012"
"Business Continuity Management Defined, 2008"
"Toolkit: 2011 BCM Program Overview, Key Issue 1; How Has the Role of the BusinessContinuity Manager Evolved During the Past 20 Years?"
"Toolkit: 2011 BCM Program Overview, Key Issue 2; How Can Businesses Build ResilienceInto Their Structures and Operations?"
"Toolkit: 2011 BCM Program Overview, Key Issue 3; How Can Organizations Mature TheirBCM Programs?"
"Applying Lessons Learned From Catastrophic Events in the Decade Since 9/11 to ImproveYour BCM Program"
"Avoid the Grim Reaper Syndrome: Integrate Recovery and Resilience Into the Project LifeCycle"
"Design Coordination and the Service Design Package"
"Designing IT Services for Operations"
"Best Practices for Conducting a Business Impact Analysis"
"Toolkit: Recovery Plan Template"
"Toolkit: RFP for IT Disaster Recovery and Work Area Recovery Services, 2010"
"A New Approach: Obtain Business Ownership and Investment Commitment for BusinessContinuity and Resilience Management Through Key Performance and Risk IndicatorMapping"
"ITScore for Business Continuity Management, 2012"
"ITScore for Business Continuity Management: Results Through January 2012 ShowMidlevel BCM Program Maturity"
"Toolkit: Assessing the Effectiveness of Recovery Plans Following a Disaster"
"Activity Cycle Overview: Business Continuity Manager Role, 2010 to 2011"
"Predicts 2010: New IT Disaster Recovery Technologies Are Emerging, but Most Are in theEarly Stages"
2.5 Security and Risk Survey Reports
"Survey Analysis: 2011 Data Center Conference, Backup Driven by Virtual MachineRecovery, Varying Deduplication Strategies and Shortened Retention Policies"
"Survey Analysis: BCM Methodology Adoption and Organization Certification, 2012"
"Survey Analysis: BCM Program Responsibility, 2012"
"Survey Analysis: BCM Program Posture, 2012"
"Survey Analysis: IT Disaster Recovery Management Spending and Testing ActivitiesExpand in 2012"
2.5 SWOTS
"SWOT: Hitachi Data Systems, Data Center Business, Worldwide"
"SWOT: NetApp, Worldwide"
3 BCM
BCM research is focused on the trends and best practices for maturing the overallprogram, including governance and program management, ensuring that the rightcomponents and processes are addressed in the program, plan development andmanagement, leveraging software to assist in the maturing of the program, and so forth.
3.1 BCM Consultancies
"Toolkit: RFP for Business Continuity Management and IT Disaster Recovery ManagementConsulting Services"
"Case Study: Euroclear Bank Applies Business Continuity Management Practices toFinancial Crises"
"Activity Cycle Overview: Business Continuity Manager Role, 2010 to 2011"
"Q&A: How Much Does an Hour of Downtime Cost?"
"2009 Data Center Conference Polling Results: BCM Organization Certification and BusinessProcess Integration"
"Key Issues for Risk and Security Roles, 2010"
"Best Practices for Aligning Recovery and Business-as-Usual Access Requirements"
"DRI and NFPA Announce New BCM Auditor Certifications"
"Legal Issues in Business Continuity Management: Introductory Questions"
"Legal Issues in Business Continuity Management: Advanced Questions"
"Highlights From the Gartner Business Continuity Management Summit, 2009"
"Top-Five Issues and Research Agenda, 2008: The Business Continuity Manager"
"Findings: IT Disaster Recovery Can Upsell Business Continuity Management"
"Gartner for IT Leaders Overview: The Business Continuity Manager"
"Toolkit: Job Description for Business Continuity Manager"
"Use Good Business Continuity Management to Prepare for a Disaster"
"Client Issues for Business Continuity Management"
"The Importance of Partnerships in Disaster Preparedness"
"Making the Enterprise More Disaster-Proof"
"Aftermath: Business Continuity Planning"
"Year 2000 Aftermath: Too Much Contingency Planning?"
"Business Continuity: Changing Market Dynamics"
3.5 BCM Program Maturity
"ITScore for Business Continuity Management, 2012"
"ITScore for Business Continuity Management: Results Through January 2012 ShowMidlevel BCM Program Maturity"
3.6 Business Case of BCM
"Improve Business Decision Making With Risk-Adjusted Value Management: CreatingRisk-Adjusted Key Performance Indicators"
"The Gartner Business Risk Model: A Framework for Integrating Risk and Performance"
"A New Approach: Obtain Business Ownership and Investment Commitment for BusinessContinuity and Resilience Management Through Key Performance and Risk IndicatorMapping"
"The CIO Challenge: Transforming Adversity Into Advantage"
"Enlightening the CEO on Business Continuity Management"
"Toolkit: How to Get Senior Management to Support Business Continuity"
"Market Trends: Midsize Businesses Are Embracing New Backup Techniques and Vendors"
"Availability and Resiliency"
"Market Trends: Cloud-Based Server Backup Services, North America, 2011"
"Clients Must Prepare as Iron Mountain Looks to Exit Digital Business"
"Cloud-Based Server Backup Services, 1Q11 Update"
"Desktop/Laptop Backup Update: Endpoint Backup Gains in Importance"
"Evolving Best Practices for Backup, Archiving and Tape: Strategies for Alignment"
"Recommendations for a Backup and Recovery Dashboard"
"Use of Disk for Backup Accelerates at the Expense of Tape"
"Top Storage Trends and Concerns in 2011 and Beyond"
"Survey Analysis: 2010 Data Center Conference, Storage Software Needs Driven by VirtualMachine Recovery, Deduplication and Backup/Archiving Retention Policies"
"Best Practices for Addressing the Broken State of Backup"
"Interest Declines for Use of the Distributed Virtual Tape Library Interface"
"Disaster Recovery and High-Availability Software Licensing Fees and Policies"
"Dataquest Insight: Cloud-Based Server Backup Services, 2Q09 Update"
"Enterprise Managed PC Backup Services, 1Q09"
"Cloud Storage: Benefits, Risks and Cost Considerations"
"Backup and Recovery Optimization and Cost Avoidance"
"Data Deduplication Is Poised to Transform Backup and Recovery"
"Toolkit Decision Framework: Choosing a Data Replication Architecture for DisasterRecovery"
5.6 Data Center Management and Recovery
"Lessons Learned From a Successful, Business-Focused Data Center Strategy"
"Survival of the Fittest: Disaster Recovery Design for the Data Center"
"Case Study: Disaster Recovery Testing Should Focus on Facilities' Components"
"Data Center Fire Suppression Options Are Cost, Toxicity, Green and Clean"
"Data Center Availability"
"Toolkit Sample Template: Checklist for Data Center BCM/DR Risk Assessment"
"Formalizing Release Management"
"Organizing and Measuring IT I&O: Trends and Best Practices, 2009"
"Consider Key Trends When Planning Data Center Strategies and Architectures"
"Top Challenges Facing IT I&O Executives"
"Toolkit: Create a Strategy for IT Service Data Availability and Protection"
"Data Backup and IT-DRM Modernization Generates Significant Savings for the Hay Group"
"Q&A: Benefits and Success of Insourced vs. Outsourced Disaster Recovery"
"Take Immediate Steps to Build Colocation Into Your Disaster Recovery/BusinessContinuity Plans"
"Beware of Unplanned Downtime When Using Software-as-a-Service Providers"
"Seek Evidence to Support Service Providers' Business Continuity Claims"
"SunGard Should Use Spin-Off to Improve Customer Relations"
"Comdisco and SunGard Merge: Advice for Their Clients"
"Negotiating a Sound Business Continuity Contract"
"HP Business Recovery Services: A Viable Option?"
5.20 Telecommunications
"Cable Outage Shows Need for Redundancy, Resumption Plans"
5.21 Virtualization
"Data Center Conference Attendees Are Bullish on Virtualization and Cloud Computing forImproving Application Services Recovery and Availability"
"Polling at 2009 Data Center Conference Shows Broad Use of Virtualization for DisasterRecovery"
6 National Protection
National protection research is focused on the recovery efforts for events such as terroristattacks, national protection challenges and other politically associated events.
"September 11: Business Continuity Lessons"
"Executive Lessons Post September 11"
"Business Continuity Lessons Not Learned From Sept. 11"
7 Supply Chain Availability
Supply chain availability research is focused on trends and best practices for ensuring thatpartners, suppliers, vendors and so forth are managing their own internal recovery effortssuch that they meet the needs of their customers.
"Water: Supply Chain Risks and Opportunities for Brands and Businesses"
"Case Study: Dow Chemical Uses Supply Chain Modeling to Manage Risk and Achieve'Balanced Resilience'"
"Where Does Your Company Rank on the Supply Chain Risk Maturity Curve?"
"In Managing Recent Risk and Disruptions, Have Supply Chain Management TechnologiesFailed the Test?"
"Is Your Company Air Cargo Dependent? Prepare Now to Ease Supply Chain Delays inAugust 2010"
"Fighting Global Supply Risk: Pitney Bowes Maps a Plan"
"How Financially Viable Are Your Suppliers?"
"Toolkit: Create and Implement a Supply Chain Risk Management Framework"
"Where Does Your Company Rank on the Supply Chain Risk Maturity Curve?"
"Top Strategies and Technologies for Mitigating Supplier Risk"
"Supply Chain Peer Forum Teleconference: Risk Management"
"Supply Chain Risk Management Must Be a Key Requirement for S&OP in Turbulent Times"
"Supply Chain Lessons From the BP Deepwater Horizon Incident"
"Aidmatrix: Supply Chain Management to the Rescue"
8 Vertical Industries and SMBs
Vertical industry research is focused on BCM and IT DR trends, and best practices that arespecific to an industry or industry segment, such as financial services, government,healthcare, manufacturing and SMBs.
8.1 Financial Services
"Data Center Trends and Recommendations in Financial Services, North America"
"Banks Worldwide Must Prepare for Civic Bankruptcies"
"Managing Scarcity-Driven Business Disruptions"
"Times of Transition Demand Immediate Action"
"Catastrophic Events Will Continue to Test Insurers Through 2012"
"Findings: Catastrophic Risks Are Real for Health Insurers"
"Banking and Investment Services BCM/DR, 2006"
8.2 Government
"Case Study: City of Chicago and ChicagoFIRST Public-Private Partnership"
"FEMA Announces Guidelines for the Credentialing of State and Local First Responders"
"Cost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending?"
"The U.S. Federal Government Offers Satellite Communications to First Responders"
"Emergency Notification Planning"
"Governments Are Using IT to Better Secure the Homeland"
"How to Quickly Spread the Word Locally: Basic and Advanced Editions"
"Miami-Dade Launches Multijurisdictional Government Contact Center"
"The Emergency Services Sector of the National Infrastructure Protection Plan"
"Michigan's Successful Experience With Centralizing Government IT"
"Governments Working Together Bridge Emergency Response Gaps"
"Emergency Communications Managers Should Plan at the National Level Because of theNature of Voice Over IP Services and Regulations"
"Management System Unites U.S. Emergency Response Groups"
8.3 Healthcare
"Disaster Recovery at Hartford Hospital"
8.4 Manufacturing
"Use IT to Reduce Risks From Business Interruptions"
8.5 SMBs
"Market Insight: Opportunities to Sell Disaster Recovery Solutions in the Midmarket"
"Midsize Enterprise Summit Business Continuity Questions"
"SMBs Must Raise Awareness of Importance of Business Continuity/Disaster RecoveryPlans"
"Business Continuity Questions From European Midsize Businesses"
"Preparing for a Disaster: Affordable SMB Actions"
Recommended Reading
Some documents may not be available as part of your current Gartner subscription.
"Research Roundup: Business Continuity Management and IT Disaster RecoveryManagement, 4Q11"
"Research Roundup: Business Continuity Management and IT Disaster RecoveryManagement, 2Q11"
"Research Roundup: Business Continuity Management and IT Disaster RecoveryManagement, 2Q10"
"Research Roundup: Business Continuity Management and IT Disaster RecoveryManagement, 3Q09"
Note 1Core Findings for a BCM Program
The main drivers for BCM program growth and maturity — 24/7 service delivery,globalization and increasing operational risk — are expanding the scope of BCM beyondits roots in the IT department. The relationships among these three drivers are
expanding the types of scenarios (IT, non-IT, local and regional) and the average outageduration being planned for, as well as public/private sector coordination in recoveryplanning efforts, and are increasing the focus on satisfying government and industryregulations.
BCM program components must apply globally across all locations, lines of business(LOBs) and workforces, with accommodations for local or functional issues, such as staffsize at an operating location, locale-specific disaster scenarios and data center versussales office.
Enterprises with mature BCM programs tend to be in high-risk, high-impact and oftenhighly regulated vertical industries. Organizations that do not have external requirementsfor establishing a BCM program are at risk of not recovering from a large-scale event orone that lasts more than seven days.
Resiliency is a level of business operations maturity that few, other than the largestcritical-infrastructure-related organizations, will attain during the next 10 years.
Note 2Core Recommendations for Every BCM Program
Make the business case for BCM by speaking the language of the business — on-timedelivery, sustainability, good governance, supplier performance, agreement fulfillmentand so forth.
Start a vendor availability risk management program to ensure that your supply chainmeets your organization's recovery and resiliency needs.
Put in place a governance structure and executive steering committee to oversee theenterprisewide BCM program. Assign BCM responsibility to senior management in theorganization and in each LOB.
Establish an integrated operational risk management practice to leverage the riskidentification and impact analyses across multiple risk venues.
Identify the impact of a business disruption on the organization, and the value to thebusiness of having a resiliency and recovery program in place. Communicate thoseresults and value to senior management.
To move toward a business operations management view of resiliency and recovery,integrate BCM into the enterprise culture to ensure that continuity of operations is a keyplanning component in all business operations activities. Align IT DRM with BCM for anintegrated approach.
Integrate BCM and IT DRM into the change management and project life cycle processesto ensure that recovery requirements — people, technology, facilities and businessprocesses — are defined early in the project and, therefore, adequately funded.
Cross-train personnel to remove single points of failure in business and IT processes.
Conduct regularly scheduled exercises of all business and IT recovery plans. Ensure thatadequate test time is scheduled with your third-party disaster recovery (DR) serviceproviders.
Review and update recovery plans against business needs, and market and industry bestpractices at least once a year.
Assess your BCM program maturity by taking the online survey "ITScore for BusinessContinuity Management," and then apply the Gartner BCM Activity Cycle (see "ActivityCycle Overview: Business Continuity Manager Role, 2010 to 2011") to improve yourprogram's maturity. Perform a gap analysis for component coverage using the GartnerBCM component definitions to uncover where your BCM program needs reinforcement.