The Business Continuity Management (BCM) module is aimed at making sure that the company is prepared to tackle unexpected risk events that might cause significant business damages, which is why conscious planning and preparation for such risks may become a core objective of business processes.
SeCube is capable of bringing together business and IT technology/service continuity planning and recovery and also of handling them both in a uniform manner. The BCM module is set to support the full life-cycle of business continuity management in a uniform system (taking into account the ISO 22301 standard):
- Operations modelling (Inventory)
- With risk analysis (Risk) and business impact analysis (Governance).
- Defining restoration target times and comparing those with our plans (BCM)
- The preparation of IT DRP detailed plans (BCM)
- Planning the preparation tasks during business-as-usual periods and checking their implementation (BCM)
- Maintaining and reviewing plans (BCM)
- Testing plans (BCM)
- Emergency application and simulations (BCM)
SeCube’s modular structure also supports partial modular use based on requirements.
Disaster Recovery Planning (IT DRP)
Disaster recovery planning (DRP) is primarily focused on planning the recovery of services, IT systems and most important resources used by business/production processes as well as the continuity of service with the needs of the processes served by them taken into consideration. The objective here is to recover the functioning state of business processes, but the emergency management and provision of the continuity of service of necessary resources as fast as possible is always in its main focus.
The main target group of DRP planning is areas responsible for resources serving business / production areas. Areas of IT operations.
IT/technology operations modelling
When performing IT DR planning, the normal operating design of the company should be known and this information should be readily available. The Inventory function can be used to model the operation of IT systems (servers, virtual machines, databased, environments, networks, services, etc.) in detail, and they can be connected to the serviced business/production activities.
Recovery time objectives
Recovery time objective values for resources can be evaluated and determined manually and/or based on the calculations and populations using the results of the business impact analysis (BIA function – Governance module).
- RTO – Recovery Time Objective
- MTPD – Maximum Tolerable Period of Disruption
- RPO – Recovery Point Objective
The restoration capability of the procedures defined in the IT DR plans are compared and continuously monitored with the recovery time objectives.
Continuous maintenance of planning and plans
IT DR and service continuity plans can be drawn up in accordance with objectives for one or more systems, infrastructures, services, and system components, as required by the company’s modelling practice.
Special abilities of the designer function:
- Graphic drafting table: Compile the scope of your IT plan on a visual operational/dependency drafting table, supplemented with simulation functions.
- Emergency actions: Recovery and continuity actions to be executed in emergencies can be drawn up in the breakdown and with the level of detail required by your targets.
- Emergency scenarios: Scenarios are defined emergency or risk events, or emergency recovery methods, to which the manner of executing the emergency action plan can be assigned; scenarios are also supported by the Critical Path – PERT illustration method.
- The software continuously monitors the ETR (Execution Time to Recovery) of the various scenarios, comparing them to recovery time objectives.
- Inventory levels: The BCM module can be used to keep records of and manage warehouse elements and reserves (hot/cold).
- Plan system and reusability: The plans can include cross-references to emergency actions and annexes. This allows the easy creation of type plans or systemized framework plans, with the ability to maintain the elements used by more than one plan in one location.
- Any annexes can be linked to plans (lists, general information, etc.).
- Preparatory actions: Preparatory actions can be defined for the elements of the plan, which actions have to be executed in standstill periods. These tasks can be managed with comprehensive task management functions supported with email notifications.
- Records of historical versions of review logs and plans: The plans are supported with review functions. The review plan versions are used to create historical records; the review plan versions can be viewed in a time machine-like manner, ensuring full audit compliance.
Plans as results: The end products of planning are the detailed IT DR action plans. The plans include the completed emergency actions categorized into scenarios and the preparatory actions necessary to ensure the functioning of the plans. The plans can be exported into Word format.
Continuous maintenance of plans: The software uses validation assessments to constantly monitor the state of the plans and to notify the persons responsible for the plan. The goal is to ensure the plans are functional in case of an emergency and to maintain their applicability:
- Logical errors in planning
- Relevant data changes in Inventory
- Monitoring recovery time objectives and comparing them to the capabilities in the plan
- The current status of preparatory actions effect the operability of the plan
- Review and test results
Tests can be made for the created plans; the testing activity can be planned and managed and a test report can be generated. Test structures (wat should be tested) can be freely compiled using the plans subject to testing. Real execution times can be measured. Test reports in docx format can be generated on the basis of the tests.
Felkészülés cselekvések menedzsmentje
A tervekhez vagy azok egyes elemeihez felkészülési cselekvések rendelhetők, melyeket nyugalmi időszakban kell végrehajtani, annak érdekében, hogy vészhelyzetben a tervek működőképesek legyenek. Ezek lehetnek egyszeri (pl. képesség növelés, dokumentálás, beszerzés), időszakos, vagy folyamatos feladatok. Tesztelési és oktatási feladatok is összeállíthatók. A feladatokhoz feladatmenedzsment funkciók tartoznak, felelősökkel, státuszokkal és email értesítőkkel.
Management of preparatory actions
Preparatory actions can be assigned to the plans or various plan elements; these actions have to be executed in standstill periods in the interest of ensuring that the plans are executable in emergencies. These can be ad hoc (e.g. capability increasing, documentation, procurement), periodical, or continuous tasks. Testing and training tasks can be compiled. Task management functions are associated to the tasks, including responsible persons, statuses, and email notifications.
The simulation function helps the fast modeling of emergency events and searching for applicable IT DR and service continuity plans, including the generation of Word format documents.
The various elements of the plans can be used to simply and quickly compile new ad hoc emergency scenarios, using plan elements specified earlier. This provides decision support based on the usefulness of possible solutions and even the quick development of new recovery scenarios.
What happens if the SeCube system is not available?
The SeCube projects/tenants in which the work is performed can be exported into a single dump file and then imported into any other SeCube framework system, where all data will then be available. The backup system could be, for example:
- Kürt SeCube cloud service or
- An offline SeCube on a laptop in the organization’s cabinet
IT DRP results
- Operating and dependency models of records of systems and services
- Detailed IT DR service continuity plans that can even be exported into MS Word documents
- Management of preparation actions during business-as-usual periods
- Testing protocols and testing reports
- Recovery time objective reports for IT services