Objective
Today, all businesses must address disaster recovery or business continuity planning as a responsibility to their stakeholders. And although disaster preparedness is a critical component of continuous business, it often takes a second seat to daily issues that seem to be more important at the moment…that is until the disaster strikes.
Every business makes decisions about how and where they allocate their resources. And while it’s OK to make these trade-offs knowingly, it can be disastrous to make them assumptively. You must know exactly what your recovery capabilities are…which business processes are protected and which are not…how fast will you can recover and how far in arrears you will be once you do? Without this information, you won’t be making a decision, you’ll be making a bet—one that may cost far more than you can afford!
Don’t make the mistake of assuming that because you have a recovery capability in place, that your business is fully protected. More often than not, somebody has already made assumptions that you are living with. Wouldn’t you be better off knowing what those assumptions were?
Applicability
CPR™ (Current Preparedness Review) is appropriate for businesses that already have addressed disaster recovery or business continuity but desire an impartial third party review of their current state of preparedness. It is especially well suited for companies that have…
- recently implemented, or are planning to implement, significant changes to their hardware/software infrastructure
- recently implemented, or are planning to update, their ERP processing
- experienced an unsuccessful test or have not tested as extensively as they should
- recently undergone, or are planning for, reorganization, consolidation, or merger
- implmented, or plan to implement High Availability for critical applications
- recently changed, or plan to change, business processing methods or have added, or are adding, new business processes to their service capability
- become increasingly sensitive to interruption of business service and/or dependence on automated processing
- addressed disaster recovery / continuity planning for over three years in substantially the same manner
Audience
CPR is well suited for many different proponents, including:
- Senior managers who require impartial evaluation of their real recovery capability
- Process “owners” responsible for availability of business services
- IT managers who are undertaking High Availability initiatives
- Audit managers without specialized DR/BC expertise in-house
- Recovery / Continuity managers who want independent validation of their planning methodologies and recovery capabilities
- Senior managers who need to impartially document their operational resiliency to interested third-parties.
Format
CPR is an inexpensive yet thorough way for businesses to gain an impartial, expert evaluation of their existing recovery/continuity capability and to verify whether it supports their requirements for business continuance. CPR is an analysis of all of the preventive elements of your recovery/continuity capability. That is, an analysis of the effectiveness of your recovery/continuity planning efforts to ensure that they adequately support your stated recovery objectives.
This first phase contains three distinct analyses necessary to identify greater-than-normal risks so that they may be remediated in order to maximize disaster resilience.
- The Physical Risk Analysis evaluates over 100 distinct physical exposures in a particular geographic area.
- The second analysis addresses Facility Infrastructure. Infrastructure resilience is a significant factor in a facility’s potential exposure, or resistance, to process interruption. This analysis is conducted via a site tour and interactive workshop and evaluates nearly 500 distinct actionable areas of facility infrastructure and hardening (and 500 more for a data center environment) that can have direct positive impact on the facility’s resistance to process interruption.
- The final analysis addresses over 500 components of the daily IT Process and Procedure to determine the extent to which they insulate the organization from operational risk, or conversely, the extent to which they expose the organization to risk. Since nearly 80% of commercially supported disasters occur from “preventable” failures, prevention is a critical part of any disaster recovery capability and IT process and procedure is the foundation upon which that prevention is built.
The second phase will develop an impartial, evaluation of the existing recovery/continuity capability and will assess and verify whether it supports the business’ requirements for continuance. This analysis addresses all of the results of your recovery/continuity planning efforts to ensure that they adequately support your stated recovery objectives. Using our proven NextGen 360o Advanced Business Continuity methodology as a baseline, over 1,000 individual aspects of recoverability are evaluated ranging from disaster assessment procedures to alternate site applicability to post-disaster normalization. WTG’s consultants will review your entire recovery/continuity capability including: plan documents; recovery hardware, software and communications infrastructure; recovery timeframes; data availability; application system synchronization and preparedness; alternate site applicability; and testing and maintenance programs. The resulting data will be objectively analyzed by our proprietary CPR model and reported in terms of program success factors, industry benchmark practices and overall program maturity.
Deliverables
“Current Preparedness Detailed Report” including:
- Risk Analysis of over 100 external exposures including:
- Risk
- Impact
- Target Significance
- Mitigation
- Amelioration
- Appetite
- Resultant Vulnerability
- Facility Infrastructure assessment indicating infrastructure and hardening quality for over 500 elements
- Data Center Infrastructure assessment indicating infrastructure and hardening quality for over 1,000 elements
- IT Process and Procedure Assessment indicating the extent and quality of over 500 process and procedure elements
- DR/BC Program Assessment indicating the extent and effectiveness of over 1,000 distinct program elements, including:
- Review of formal disaster recovery plan and supporting documentation
- “Golden Quadrant” Evaluation of your disaster recovery and business continuity program’s “Level of Maturity”
- Evaluation of the “Primary Components of Recoverability”
- Extent of “Core Success Factors” incorporated into current capability
- Extent of “Industry Best Practices” (ISO 22301, ISO [BSI] 25999, NFPA 1600, NIST SP800-34, DRI Professional Practices and WTG’s NextGen 360° Advanced Business Continuity™) incorporated into current capability
- Extent of “WTG NextGen Best Practices” incorporated into capability
- Recommendations and high-level cost estimates for remediating each element in the red zone
Benefits
- Independent, impartial assessment of your real recovery/continuity capabilities
- Validation of your current level of preparedness
- Prioritized remedy solution set defined by industry experts
- Roadmap to extend your capabilities to meet business requirements
- Potential cost savings
- Peace of mind