Business Continuity Management (BCM) is a key element for all business services.Generally speaking, when human resources, data, information and applications are essential and indispensable for carrying out the activities of an entity / organization, they become a primary asset, which requires safeguarding and availability. Availability together with confidentiality and integrity is one of the pillar of Security. Business Continuity Management is an integral part of an organization's security processes and policies.
Engineering proposes two different disaster recovery approaches based on customer requirements:
- Ad hoc BCM and Disaster Recovery solutions for companies with complex and heterogeneous platforms, requiring consultancy services for all Business Continuity Management processes, requiring turnkey projects covering the full set of BCM processes or a part of them.
- DraaS solution that help to reduce costs streamlining disaster recovery in the cloud with a simply powerful solution that features the deep integration, automation and flexibility across multiple VM and cloud.
BCM and Disaster Recovery Methodology
The principles adopted at the basis of these methodologies are based largely on "best practices" defined in the "framework" ITIL 3.0, together with the principles and processes recommended in the standard ISO 22301, formerly in the British Standard 25999. ISO 22301 is the standard reference for the Business Continuity Management (BCM): on one side it fixes BCM processes, principles and terminology and on the other formalizes the requirements for the BCM definition, construction, operation and control.
The validity of the methods developed and applied by Engineering has been confirmed in many successful cases for clients in various sectors of activity.
Engineering methodology is based on the PDCA cycle divided into four phases: Plan, Do, Check and Act. This model provides the specifications for:
- the implementation phase of the BCMS (PLAN), which establishes the policy of BC, objectives, controls, processes and procedures required to manage the risks in order to produce results consistent with the policies and objectives of the General 'organization
- the implementation and operation of the BCMS (DO) in order to implement the policy of BC, controls, processes, procedures
- the phase of monitoring and review of the BCMS (CHECK), to evaluate and measure performance against BC policy, objectives and practical experiences, to report the results to management for the review and improvement
- the phase of the maintenance and improvement of BCMS (ACT), to keep it up, updated and improved by taking corrective and preventive actions based on the results of the checks and the revaluation of the scope, policy and objectives of the BCMS.
The need to ensure the delivery of IT services in cases of "Disaster" and in full correspondence with the requirements of each Business Processes and Mission critical activity, is covered by a continuous process of analysis / implementation called "Business Continuity Management" that constitutes of:
- Full commitment of the company management to define the scope and objectives of the management system business continuity
- Maintaining the correct levels of education and training of personnel
- A continuous review of the Business Continuity Plan:
- Normal performance of the Business Impact Analysis.
Analyze the impact on individual business processes highlighting the recovery time of IT services (RTO) because of the economic impact on business
- A regular review and update of Risk Analysis and Risk Management Plan.
Define strategies and how to restore these to mitigate the risk.
- Implement DR solution and keep it aligned in time because of the change processes / systems service pipes;
- Monitor the process of alignment of DR systems and perform the necessary tests to certify the correctness of data.
- Performing regularly tests DR
- Normal performance of the Business Impact Analysis.
DR strategy solution design
After requirements have been established through BCM phases, strategies can be developed to identify arrangements that will enable the organization to protect and recover critical activities based on organizational risk tolerance and within defined recovery time objectives. Experience and good practice clearly indicate that the early provision of an overall organizational BCM strategy will ensure BCM activities are aligned with and support the organization’s overall business strategy. The business continuity strategy should be an integral component of an institution’s corporate strategy.
ENG.IT approach to design a strategy is based on the description – by means of alternative scenarios – of the technological asset (scenarios for restoring access to computer systems and critical application data) and logistical asset (scenarios to recover from alternative sites) to recommend in case of an IT disaster.
RPO Recovery Point Objective
RTO Recovery Time Objectives
RTO/RPO vary depending on the strategy:
- High Availability: Hot Standby, Warm Standby, Cold Standby, No DR Standby
- Replication Mode: Synchronous replication, Asynchronous replication, One Shot, Long Term
- Configuration: Single building,Extra-Site (regional or inter-regional), Local Campus (with double building), Regional Campus (with double site), Double Campus (local or regional), Campus (local or regional) with extra-site
Disaster Recovery for the Engineering Cloud
The Disaster Recovery architecture on which the Cloud Engineering solution is based is implemented through primary and secondary Data Center infrastructures, replicated through asynchronous replication in the Azure Fabric, or through storage replication. Each Data Center can manage its Tenant in Active-Active mode and be replicated on the Secondary Disaster Recovery Data Center.