1 / 37

Disaster Recovery and Business Continuity Planning

Disaster Recovery and Business Continuity Planning. Jane Holmes, CPP Director, US Payroll Meggitt USA . Title. Agenda. Disaster Recovery vs. Business Continuity Key Components to Disaster Recovery & Business Continuity Comprehensive

sugar
Download Presentation

Disaster Recovery and Business Continuity Planning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster RecoveryandBusiness ContinuityPlanning Jane Holmes, CPP Director, US Payroll Meggitt USA

  2. Title Agenda • Disaster Recovery vs. Business Continuity • Key Components to • Disaster Recovery & • Business Continuity • Comprehensive • Business Continuity • Business Continuity Planning Cycle • Business Continuity Recovery Plan • Payroll Business Continuity Recovery Plan 2

  3. Disaster Recovery vs. Business Continuity Title • Disaster Recovery focuses on the plan to reestablish operations by protecting the “Tools” of the business… • Systems and Hardware • Data integrity and back-up • Facilities and security • Data Flow • People resources and documentation 3

  4. Disaster Recovery vs. Business Continuity Title • Business Continuity keeps the business running during a disaster… • Provides the location to perform work • Enables staff to resume work or provide for substitutes • Enables systems and hardware to be deployed or interim solutions placed in operation • Completes the functions of the payroll department 4

  5. Title Types of Disasters • Catastrophic climate or geological events • Pandemics • Fires, including arson • Terrorist attacks or instances involving significant destruction of property • Labor walkouts or strikes • Security breaches and computer attacks • System failures 5

  6. Title Disasters in the News • Australia/New Zealand • Chile • Japan • East Coast Whiteout • Mid-west Tornadoes & Flooding • Egypt • Other political challenges throughout Middle East and Africa 6

  7. 2011 Federal Disaster/ Emergency Declarations Title • Federal Disaster/Emergency Declarations thru July 2011 7

  8. Title Pandemics - H1N1 • April 2009 – Start of the H1N1 virus • Over 67 million cases reported thru 12/09 • 6/23/10 – CDC declares virus expired • 8/10/10 – WHO declares global concern over • CDC & other health organizations believe there will be instances of flu for years to come • Survey of Fortune 200 companies report most have taken some action to prepare 8

  9. Why It Is Important to Plan Title • Disruptions, even minor ones, can have serious impact • Missed or late payrolls • Potential federal, state, and local violations • Contractual breach – unions • Employee morale and productivity • Late third party payments • Late tax and regulatory filing • Late posting of General ledger data 9

  10. Key Components to Disaster Recovery Title • Create Comprehensive Recovery Plans • Identify communication vehicles and how they will be utilized • Involve Senior Leadership immediately • Establish government, civil authority, and private sector contacts before an event occurs • Ensure plan is communicated to team 10

  11. Key Components to Disaster Recovery Title • Emergency Management: Able to continue critical business processes within a predetermined period following a disaster or other business interruption • Continuity Planning: Able to resume normal business processes within a predetermined period following a disaster or other business interruption 11

  12. Comprehensive Business Continuity Title Lead the enterprise in all aspects of emergency management as well as developing a comprehensive plan to respond to a crisis INITIATE THE PROJECT PREVENT ____________ RESPOND ____________ RECOVER ____________ RESTORE ____________ RESUME Disaster Recovery Planning ANALYZE BUSINESS FUNCTIONS DEVELOP STRATEGY AND MITIGATION Emergency Management BUILD PLAN TEST, EDUCATE, & MAINTAIN 12

  13. Payroll Business Continuity Team Title • Include functional subject matter experts and project management resources • BCT should include representatives from: • Business Continuity (Lead) • Human Resources / Payroll • Benefits / Compensation • Legal / Public Affairs • Finance / Treasury • Communications • Operations 13

  14. RTO/RPO in Business Continuity Planning Title • RTO (Recovery Time Objective) – Amount of time it takes to recover from a disaster event • Payroll application failure recovery time drives solution and back up • Be conservative - assume system is down the day before payroll runs – what do you need? • Alternatives – file for check printing, paper check manual process, etc. 14

  15. RTO/RPO in Business Continuity Planning Title • RPO (Recovery Point Objective) – The amount of data, measured in time, that can be lost in a disaster • Consider if there is a means to reconstruct the lost data • Need to look at what risks you will bear for the costs 15

  16. Business Impact Analysis Title • Foundation for business continuity planning programs • Identify departmental business processes and potential impacts due to an interruption • Identify external resources that may impact your business • Link these processes to the key functions necessary to support organization 16

  17. Business Impact Analysis Title • Foundation for business continuity planning programs • Determine Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) based on their corresponding functions • Realize the current state of recovery preparedness and established workarounds • Evaluate recovery resource requirements 17

  18. Risk Assessment Process Title • Interview senior management about enterprise risks and vulnerabilities • Conduct formal risk assessment survey with key employees • Score risk scenarios on probability and severity • Consider options for each scenario – mitigate, plan and accept 18

  19. Business Recovery Strategy Title • Identify Business Functions, RTOs, & RPOs • Determine IT Network and System Requirements for current and future years • Design a Displacement Strategy • Educate Business Units on roles and responsibilities to build plans • Maintain & Exercise Business Recovery Plans 19

  20. Business Continuity Recovery Scenarios Title • Disaster – Event which renders company’s facility unusable or inaccessible for a period of time estimated to exceed “xx” calendar days • Worst-Case Interruption – Company’s facilities are totally unusable or inaccessible and there is no salvageable equipment, data, documentation, etc. 20

  21. Business Continuity Recovery Scenarios Title • Less-Severe Interruption – Ability to resume operations because of the plan identification structure for each time-sensitive operation, information system & support area • Localized Emergency – Equipment vendors & local utility companies able to replace computer & communications hardware & telephone circuits in “xx” calendar days 21

  22. Business Continuity Recovery Components Title • Documentation Files – Business documentation and necessary files for resumption/recovery purposes are backed up and stored or located off-site and/or electronically imaged • Computer Files – Required to implement resumption of Mainframe, WAN & PC/LAN operating environments, and/or support time-sensitive business operations are backed up, & rotated & retained off-site for a pre-determined period of time 22

  23. Business Continuity Recovery Components Title • Backup Storage Locations– Backup items for resumption/recovery stored on/off-site or quickly obtained or created from other identified sources • Internal and External Contacts– Information necessary to quickly complete internal/external contacts required during resumption is documented and maintained in plan 23

  24. Business Continuity Recovery Components Title • Cloud Computing - Applications hosted by vendor in the “cloud” are accessed through the internet along with data files 24

  25. Business Continuity Recovery Components Title • Resumption Time Frames– Time frame in which time-sensitive business operation and computer and application systems must be made current and available set by company at a maximum of “xx” calendar days 25

  26. Business Continuity Recovery External Stakeholders Title • Bank for ACH files • Tax authorities – federal, state, local • Benefit providers – health, 401(k), etc. • Third-party vendors – outsource providers • Distribution vendors – printing and distribution • Union organizations 26

  27. Business Continuity Recovery System Interfaces Title • Time and attendance application • Payroll application / ERP • Benefits application • Accounting system • Banking application • Tax application • ESS/MSS application • Data repository 27

  28. Business Continuity Recovery Components Title • Communication devices to feed various forms of communications receipt • Home/Cell Phone – off-duty and emergency response personnel (include “text” messaging) • Work Phone – emergency response on duty • Pager – (alphanumeric/digital/voice) on-call personnel • Fax Machine – transmit forms/reports to remote locations • Printer – document notification responses/reports 28

  29. Payroll Business Continuity Recovery – In Action Title • Step 1 – Senior Payroll Mgmt meet at disaster recovery site to identify: • Known impacts of disaster & determine action plan • Expected timeline of displacement of employees & system outages • Projected impacts to payroll processing 29

  30. Payroll Business Continuity Recovery – In Action Title • Step 1 (cont.) – Senior Payroll Mgmt meet at disaster recovery site to identify: • Availability of internal and external resources • Establish communication channels & communicate plan to supervisors & activate phone tree • Confirm available equipment and supplies 30

  31. Payroll Business Continuity Recovery – In Action Title • Step 2 – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s) • Setup work spaces, resolve issues with equipment • Create shift schedules and confirm staffing roles • Set initial plan for following 2 weeks • Evaluate employee “assistance plan” needs • Confirm sufficient resources for those who will work from home or alternate location 31

  32. Payroll Business Continuity Recovery – In Action Title • Step 2 (cont.) – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s) • Prepare communication to employees and plan for updates • Establish ongoing communication with employees and system support • Step 3 – Continue deployment as per plan 32

  33. Payroll Business Continuity Recovery Planning Title • Building the plan • Create a Disaster Recovery Plan binder • Establish approval process to initiate all security access to senior payroll operations • Include system support analysts on phone tree • Define the risks and plan for mitigation and response • Store off-site supplies critical to complete payroll processing 33

  34. Payroll Business Continuity Recovery Planning Title • Building the plan • Inventory and identify critical supplies and equipment for payroll processing • Ensure your plan includes third-party vendors and suppliers with points of contact • Identify the three components of your operations – input, process, and output 34

  35. Title Input, Process, and Output • Input • Setting up employee income and deduction records • Pay adjustments • Time data • Tax records • Process • Process data in application • Validate payroll data • Bank transfer processing • Validate general ledger data • Calculate gross to net • Generate tax deposits and filing • Output • Checks/advices • Third party payments • Tax returns and payments • Files for internal organizations • Files for external organizations • Reconciliations • Reports (internal and external) 35

  36. What Makes an Effective Disaster Recovery Plan Title • Involve All the Pertinent Groups • Make an Assessment of Needs and Resources • Plan, Test and Plan • Communicate, Communicate and Communicate • Review on a Regular Basis 36

  37. Thank you

More Related