Categories
Uncategorized

IT Business Continuity & Disaster Risk Management

Case Study
———–
LEADO is a multinational, company based in Europe and produces materials for the construction industry.
IT Services are managed by Central IT and the IT Department hosts all its applications/ IT services in its own data centre facility. This data centre hosts (amongst other services) 30 High Critical IT Services/Applications.
Some of these critical services are hosted on VMware virtualisation environment and this environment is replicated via vmotion to secondary data centre (this is DR as far as LEADO has). However, for all the non-virtualised services, only the data is backed up to the second data centre site. Whilst the company’s IT Support Services (Helpdesk) are provided by global teams based on ‘follow the sun’.
Of all the 30 critical IT Services to the business, only 1 has a DR plan. Also no overarching IT Business Continuity plan exists to date, although one is now being produced.
As for Major IT Incident Management, there only exists a call rota of key IT Support People (names and contact numbers and a rota) e.g. networks, storage, server, database administrator, helpdesk, etc. The incident management process also defines what is High, Medium or Low criticality incident.
Paper Objectives
———————-
Produce a detailed Business Impact Executive Summary (in table format with risks and mitigation in the form of list items within the table rather than long paragrahs). These need to detail all the possible risks and issue that LEADO is and could face with little to zero IT Risk Management, IT Business Continuity Planning or IT Disaster Recovery Planning for all there major Critical IT Services.
These risks and mitigation strategies should cover the full IT spectrum e.g. People, Processes, Technology, Data Centre Building, Backup and Vendors. They should all be around these three core areas:
IT Risk Management
IT Business Continuity Plan
IT Disaster Recovery Plans (for each critical IT service)
The risks should also cover Legal, Regulatory and company Director responsibility risks as the organisation is based within the EU and governed by EU laws.
 

Leave a Reply

Your email address will not be published. Required fields are marked *