Á¤º¸½Ã½ºÅÛÀÌ µµÀÔµÇÁö ¾Ê¾Ò´ø ÀÌÀü ½Ã±âÀÇ ¼öÀÛ¾÷(manual processes)À» ÅëÇÑ ¾÷¹«¼öÇàÀÌ ÀÌÁ¦´Â ±ØÈ÷ Á¦ÇÑÀûÀÎ ¼öÁØ¿¡¼ °¡´ÉÇÒ Á¤µµ·Î, ÄÄÇ»ÅͽýºÅÛ Àå¾Ö°¡ ÀϾÀ» ¶§ À̸¦ º¹±¸ÇÏÁö ¾Ê°í Àü¸é ¼öÀÛ¾÷À¸·Î ¾÷¹«¸¦ ÁøÇàÇÑ´Ù´Â °ÍÀº »ó»óµµ ÇÒ ¼ö ¾ø´Ù. ÀÌ·¯ÇÑ ÀÌÀ¯·Î ÀçÇغ¹±¸(DR, disaster recovery) ¼ºñ½º¿Í »ê¾÷ÀÌ »ý°Ü³µÀ¸¸ç, ¾ÆÁ÷±îÁöµµ DRÀº Á¤º¸½Ã½ºÅÛ Áï ±â¼úÀû ȯ°æ(technology environment)ÀÇ º¹±¸·Î ÀϹÝÀûÀ¸·Î ÀÌÇصǰí ÀÖ´Ù.
It all started in the data center. Once computers became part of the business landscape, even before the introduction of personal computers on individual desks, it became pretty clear we could not return to our manual processes if our computers failed. The business model changed. The work people did with manual general ledgers in ledger books or with their hands in a manufacturing environment were now done more consistently, with fewer errors and many times faster by computers and if those computer systems failed, there were not enough people nor did the people in the business still have the skill to do it manually anymore. The disaster recovery industry was born! Still today, the term “disaster recovery” (DR) commonly means recovery of the technology environment.
µ¥ÀÌÅͼ¾ÅÍ(ÀçÇغ¹±¸¼¾Å͸¦ Æ÷ÇÔÇØ)°¡ Á¸ÀçÇÏ´Â ÀÌÀ¯´Â ´Ü ÇϳªÀÌ´Ù. ȸ»ç, Á¶Á÷ÀÇ ÁÖ¿ä¾÷¹«°¡ ÁߴܾøÀÌ ¼öÇàµÉ ¼ö ÀÖ´Â ¿¬¼Ó¼ºÀ» È®º¸ÇØÁÖ±â À§ÇÑ °ÍÀÌ´Ù.
It took some time, and for many industries not ‘til after the events of Sept. 11, 2001, to realize that it really did not matter if we brought back the data center if they were not business people to use it. The people who run data centers sometimes forget that the only reason we have data centers is for the business to run and that if it were not for the business, the people who make the money, we would not need the data center.
ÀçÇØ ¹ß»ý ½Ã ½ÇÇà °¡´ÉÇÑ(viable) BCPü°è°¡ ¾ø¾î ȸ»ç°¡ °¨³»ÇØ¾ß ÇÏ´Â ºñ¿ë°ú ¸®½ºÅ©¿¡ ´ëÇؼ ¸íÈ®È÷ ÇØ¾ß ÇÏ´Â °ÍÀÌ Áß¿äÇÏ´Ù. ȸ»ç°¡ Á÷¸éÇÏ´Â ¸®½ºÅ©´Â º¸Åë ÀüÅëÀûÀÎ ¸®½ºÅ© ¿µ¿ªÀÎ À繫(financial)¸®½ºÅ©¿Í ÆòÆÇ(reputational)¸®½ºÅ©, ±ÔÁ¦/ÁØ°Å(regulatory)¸®½ºÅ© µîÀ» µé ¼ö ÀÖ´Ù.
To convince leadership of the need to build a viable business continuity plan you need to help them understand the risk they are accepting by not having one and the cost to the corporation if a disaster were to occur. The risks to the corporation are financial (how much money the corporation stands to lose), reputational (how badly the corporation will be perceived by its customers and its shareholders) and regulatory (fines or penalties incurred, lawsuits).
À繫¸®½ºÅ©´Â Á¤·®È, °è·®ÈÇϱⰡ ¿ëÀÌÇÑ ¸¸Å ¸®½ºÅ©°ü¸®¸¦ À§ÇØ ÇÊ¿äÇÑ ¿¹»ê, ºñ¿ë»êÁ¤ÀÌ »ó´ëÀûÀ¸·Î ¸íÈ®ÇÏ´Ù. ÀϹÝÀûÀ¸·Î ¹ß»ý°¡´É¼º(Probability of Harm (P))¿¡ ¹ß»ý±Ô¸ð(Magnitude of Harm (M))¸¦ °öÇÑ °ÍÀ» ¸®½ºÅ©¹ß»ýÀ¸·Î ÀÎÇÑ ¿µÇâ, Ãæ°ÝÀ» ¸·±â À§ÇÑ ÀÏ·ÃÀÇ ¿¹¹æ, ´ëÀÀ¿¡ µå´Â ºñ¿ë(Cost of Prevention (C)) ¼öÁØÀ¸·Î º»´Ù.
Financial risks can be quantified in many cases and are generally used to help determine how much money should be spent on the recovery program. You are most likely only to be able to defend spending the amount of money that is actually at risk from an event. One of the ways financial risk can be calculated is using the formula (p*m=c). Probability of Harm (P): the chance that a damaging event will occur times the Magnitude of Harm (M): the amount of financial damage that would occur should a disaster happen equals Cost of Prevention (C): the price of putting in place a means of preventing the disaster’s effects.
ÆòÆǸ®½ºÅ©´Â »ó´ëÀûÀ¸·Î Á¤·®ÈÇϱ⠾î·ÆÁö¸¸ ´º½º¹Ìµð¾î µîÀ» ÅëÇØ ¸Å¿ì Ä£¼÷Çϸç ȸ»ç ÃÖ°í°æ¿µÁøÀÌ °¡Àå ¿ì·ÁÇÏ´Â ¸®½ºÅ© Áß ÇϳªÀÌ´Ù. ¿£·Ð(Enron)ÀÇ È¸°èÀåºÎ Á¶ÀÛ»ç°Ç°ú ÀÌ¿Í ¿¬·çµÅ ¹Ì±¹ ÃÖ´ë ȸ°è¹ýÀÎ Áß ÇϳªÀÎ ¾Æ´õ¿£´õ½¼(Authur Anderson)ÀÌ ¹®À» ´Ý¾Ò°í, ¹Ì±¹Àε鿡°Ô Ä£¼÷ÇÑ À̹ÌÁö¸¦ °¡Á³´ø ¸¶»ç ½ºÆ©¾îÆ®(Martha Stewart)°¡ ¾ÆÀÓŬ·Ð ÁÖ½ÄÀ» ³»ºÎ °Å·¡ÇÑ ÇøÀÇ·Î ½ÅÀεµ¿¡ Ä¡¸íÀûÀÎ ¿µÇâÀ» ¹ÞÀº »ç·Ê µîÀ» ¶°¿Ã¸®¸é ÀÌÇØ°¡ ½¬¿ï °ÍÀÌ´Ù. ¿©±â¼´Â ¹Ìµð¾î ´ëÀÀ µîÀÇ È¿°úÀûÀÎ À§±â°ü¸®Ä¿¹Â´ÏÄÉÀ̼ÇÀÇ Á߿伺µµ °Á¶µÈ´Ù.
Reputational risk is harder to quantify but it is clear in many industries that your competitor is a click away. If you cannot meet my need when I want, it is not hard to find someone else who will. There are also many examples of impact to stock price in the wake of a disaster that is not managed properly. Ask the leadership what they think of when you give them these examples: 쪾 Martha Stewart Industries 쪾Enron 쪾Arthur Anderson Effective crisis management can be the difference between a company surviving an event and a company ceasing to exist.
±ÔÁ¦¸®½ºÅ©´Â °ü·Ã ¹ýÀ̳ª °¨µ¶´ç±¹ÀÇ ±ÔÁ¦³»¿ëÀ» Á¦´ë·Î ÁؼöÇÏÁö ¸øÇØ ÇØ´ç ȸ»ç³ª Á¶Á÷¿¡ ½ÇÁúÀûÀÎ ¼Õ½ÇÀ» ÃÊ·¡ÇÏ´Â ¸®½ºÅ©·Î ÀÌÇصȴÙ.
Regulatory risk is clearly defined by the industry the organization is a part of; however, no matter what industry you are in, what is commonly referred to as the prudent man law applies: exercise same care in managing company affairs as in managing own affairs.
Àü»çÀû ºñÁî´Ï½º¿¬¼Ó¼º(°ü¸®)ÇÁ·Î±×·¥ µµÀÔÀ» ÃÖ°í°æ¿µÁøÀ¸·ÎºÎÅÍ ½ÂÀÎ ¹Þ°í ³ª¼ °¡Àå ¸ÕÀú ÇØ¾ß ÇÏ´Â ÀÏÀº À̸¦ ¸Ã¾Æ¼ ¼öÇàÇÏ´Â ÆÀ, Áï Á¶Á÷À» ¸¸µé¾î¾ß ÇÑ´Ù. ½ÇÇà·Â ÀÖ´Â °èȹÀ» ¸¸µé·Á¸é ȸ»çÀÇ ÁÖ¿ä ±â´É/ºÎ¼ º°·Î Àû¾îµµ ÇÑ ¸í ÀÌ»óÀÇ Âü¿©¿Í ¿ªÇÒÇÒ´çÀÌ ÇʼöÀûÀÌ´Ù. ´ÙÀ½Àº °¢ °³º° BCP ´ã´çÀÚ°¡ ÇØ¾ß ÇÒ ÀÏ°ú ¾ó¸¶³ª ÀÚÁÖ Àü»çÀûÀÎ ºñ»ó°èȹÀ» º¸°íÇØ¾ß ÇÏ°í, °»½Å½ÃÄÑ¾ß ÇÏ´ÂÁö¸¦ º¸¿©ÁÖ°í ÀÖ´Ù.
Once you have leadership buy into build an enterprise wide program, the first step to getting there is defining your team. To build a plan that actually works, you must have at least one person from each functional area of the company to assist in building a plan. These individuals will be given as series of tasks to complete in support of the program. The following list outlines what each business contingency planner needs to have done and how often it needs to be submitted to corporate contingency planning. Business contingency planners may have additional responsibilities and deliverables specific to the individual company.
BCP ´ã´çÀÚ´Â °¡Àå ¸ÕÀú ºñÁî´Ï½º Áß´Ü ½Ã º¹±¸¾÷¹«¸¦ ¼öÇàÇÒ Àη°ú Ä¿¹Â´ÏÄÉÀÌ¼Ç ÇÒ ¼ö ÀÖ´Â ºñ»ó¿¬¶ô¸Á(emergency notification list (ENL))À» È®º¸ÇØ¾ß ÇÑ´Ù. ´ÙÀ½ ÇÒ ÀÏÀº ¾÷¹«º¹±¸¿¡ ÇÊ¿äÇÑ Áß¿äÁ¤º¸ ¹× ±â·Ï(vital records)À» ¾ÈÀüÇÑ ¿ø°ÝÁö¿¡ ¹é¾÷ÇØ ºñ»ó½Ã¿¡ Á¢±Ù °¡´ÉÇÒ ¼ö ÀÖµµ·Ï ÇØ¾ß ÇÑ´Ù. Áß¿äÁ¤º¸ ¹× ±â·Ï¿¡´Â ½Ã½ºÅÛ ¹é¾÷À» ÅëÇØ º¸°üµÇ´Â ÀüÀÚ¹®¼, ÆÄÀÏÇüÅÂ»Ó ¾Æ´Ï¶ó Á¾À̹®¼, ±×¸®°í ¾÷¹«ÀýÂ÷¼, ¹®¼¾ç½Ä, °è¾à¼, Áõ¼ µîÀ» µé ¼ö ÀÖ´Ù.
The business continuity planner should focus first on identifying the people in their functional areas that they would need to contact to assist in the management of an event that impacted their ability to do business as usual. This will result in an emergency notification list (ENL) for each team. The next step is to make certain that all the records needed to rebuild the business are stored in a secure offsite location that would survive an event and be accessible immediately following an event. These records include both traditional records like server backup and paper files and other non-traditional records like procedures manuals, forms and letterhead.
Á¶Á÷°ú ºñ»ó¿¬¶ô¸Á, ±×¸®°í Áß¿äÁ¤º¸¿Í ±â·ÏÀ» °®Ãß°í ³ ÈÄ ÇØ¾ß ÇÒ ÀÏÀº ºñÁî´Ï½º¿µÇâºÐ¼®(BIA, Business Impact Analysis)À» ¼öÇàÇÏ´Â °ÍÀÌ´Ù. À̸¦ ÅëÇØ È¸»ç´Â ºñÁî´Ï½º¿¬¼Ó¼º È®º¸¸¦ À§ÇØ ¾î¶² ¾÷¹«¸¦ ¾ó¸¶³ª ºü¸¥ ½Ã°£ ³»¿¡ (º¹±¸¸ñÇ¥¼öÁØ, RTO, Recovery Time Objectives) º¹±¸ÇØ¾ß ÇÏ´ÂÁö¸¦ °áÁ¤ÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. ‘Áß¿äÇÑ(critical)’, ‘ÇʼöÀûÀÎ(essential)’À̶õ ¸»º¸´Ù´Â ‘½Ã±Þ¼ºÀ» ¿äÇÏ´Â(time-sensitive)’¶ó´Â ¿ë¾î°¡ º¸´Ù Á¤È®ÇÏ´Ù. Áï ȸ»ç ÀüüÀûÀ¸·Î º¸¾ÒÀ» ¶§ ÀçÇØ, À§±â»óȲ¿¡¼ Àü¸éÀû ¾÷¹«Áß´ÜÀÌ ¿ÔÀ» °æ¿ì º¹±¸¿¡ ÇÊ¿äÇÑ ÀÚ¿ø°ú ½Ã°£Àº ºÐ¸í Á¦ÇѵŠÀÖ°í, ÀÌ·¯ÇÑ »óȲ¿¡¼ ¿©·¯ ¾÷¹« Áß ºÐ¸í ¿ì¼±ÀûÀ¸·Î º¹±¸µÅ¾ß ÇÏ´Â, Áï ½Ã±Þ¼º °üÁ¡¿¡¼ ´õ Áß¿äÇÑ ¾÷¹«°¡ ºÐ¸í Á¸ÀçÇÑ´Ù. ÀÌ´Â ¾÷¹« ÀÚüÀÇ Á߿伺°ú´Â ´Ù¸¥ Â÷¿øÀÌ´Ù.
Once you have your team and your records (your people and your stuff), the next most important step is to have each business continuity planner perform a business impact analysis or BIA. The BIA is what is going to help the company decide what needs to be recovered and how quickly it needs to be recovered. I dislike the term “critical” or “essential” in the process because no one honestly wants to be considered “non-essential.” I prefer the term “time sensitive.” Generally speaking, organizations do not hire staff to perform non-essential tasks. Every function has a purpose but some are more time sensitive than others when there is limited time or resources available to perform them. Think about it this way, if your bank had a fire that made it impossible for them to continue to work at their primary location, as a customer, you probably could not care when they resumed their marketing campaign or ran their general ledger system but you would be very upset if they could not process your checks or deposits for several weeks.
ȸ»çÀÇ ¸ðµç ±â´É/¾÷¹«¿¡ ´ëÇؼ ¸¸¾à ³»¿ÜºÎ Ãæ°ÝÀ¸·Î ÀÎÇØ Áß´ÜµÆ´Ù°í °¡Á¤ÇÏ¿´À» ¶§ ¾ó¸¶ÀÇ ½Ã°£ ³»¿¡ º¹±¸µÈ´Ù¸é Áß´ëÇÑ À繫Àû, ºñÀ繫Àû ¼Õ½Ç ¿µÇâÀ» ¹ÞÁö ¾ÊÀ» ¼ö ÀÖ´ÂÁö ¶ó´Â °üÁ¡¿¡¼ÀÇ ºÐ¼®ÀÌ ÇÊ¿äÇÏ´Ù. À̸¦ ÅëÇØ Á¦ÇÑµÈ º¹±¸ÀÚ¿ø°ú ¿ª·®ÀÌ ¹Ýµå½Ã ÇÊ¿äÇÑ ¾÷¹«ÀÇ º¹±¸¿¡ ÅõÀԵǰí ÇÒ´çµÉ ¼ö ÀÖ´Ù. º¹±¸ÀÚ¿ø°ú ¿ª·®(resources)¿¡´Â Àü»ê½Ã½ºÅÛ, º¹±¸ÀηÂ, Åë½ÅÀåºñ, ÄÄÇ»ÅÍ, ´ë³»¿Ü Çù·Â/ÀÇÁ¸¼º µîÀ» µé ¼ö ÀÖ´Ù. Àü»ê½Ã½ºÅÛ Æ¯È÷ ÀÀ¿ëÇÁ·Î±×·¥(application systems)¿¡ ´ëÇÑ º¹±¸¿ì¼±¼øÀ§ ¿ª½Ã ÆÄ¾ÇµÅ¾ß Çϴµ¥, À̶§¿¡´Â À̸¦ »ç¿ëÇϴ ȸ»ç Çö¾÷(business functions, Àü»êºÎ¼¿Í ´ëÀÀµÇ´Â ÀǹÌ)ÀÇ ÇÊ¿ä(needs) ÀÇÇØ ¾î¶² ÀÀ¿ëÇÁ·Î±×·¥ÀÌ ¾î¶² º¹±¸¸ñÇ¥½ÃÁ¡À» °¡Á®¾ß ÇÏ´ÂÁö°¡ °áÁ¤µÈ´Ù.
Your organization needs to look at every function in this same light. How long can we not perform this function without causing significant financial losses, significant customer unhappiness or losses or significant penalties or fines from the regulators or courts. All business functions need to be classified based on their recovery priority and once done, your planning team then needs to identify all the resources necessary to perform the functions. Resources include applications systems, minimum staff requirements, phone requirements, desktop requirements, internal and external interdependencies etc. The recovery priority for application systems is also identified during this process. It is the business that decides what application systems need to come back and when based on the needs of the business functions those applications support.
BIA°¡ ¼öÇàµÈ ÈÄ¿¡¾ß ºñ·Î¼Ò ´Ù¾çÇÑ È¸»ç ³»ÀÇ ±â´É¿¡ ÀûÇÕÇÑ º¹±¸Àü·«µéÀ» ÆľÇÇÏ°í ¼ö¸³ÇÏ´Â ÀÛ¾÷À» ½ÃÀÛÇÒ ¼ö ÀÖ´Ù. ¿Ö³ÄÇÏ¸é º¹±¸¸ñÇ¥½Ã°£(recovery timeframe)¿¡ ÀüÀûÀ¸·Î ÀÇÁ¸Çϱ⠶§¹®ÀÌ´Ù. ¶ÇÇÑ º¹±¸Àü·«¿¡´Â ¾Æ·¡ÀÇ »çÇ×µéÀÌ Æ÷Ç﵃ ¼ö ÀÖ´Ù. ´ëü¾÷¹«Àå¼Ò¸¦ ±³À°ÀåÀ̳ª ±¸³»½Ä´ç, ȸÀÇ½Ç µîÀ» ÀÌ¿ëÇÒ ¼öµµ ÀÖ°í(internal arrangement), ´Ù¸¥ ȸ»ç¿Í Çù¾àÀ» ÅëÇØ ºñ»ó½Ã ÀÏÁ¤ Àå¼Ò¿Í ½Ã¼³À» °øÀ¯ÇÏ´Â ¹æ¹ý(reciprocal agreements), Àü¿ë ´ëü»ç¾÷Àå ±¸Ãà(dedicated alternate sites), Çù·Â¾÷üÀÇ ½Ã¼³ È°¿ë(external suppliers) ±×¸®°í ¿ì¼±¼øÀ§¿¡ ¹Ð¸®°Å³ª Áß¿äµµ°¡ ¶³¾îÁö´Â ´ë»ó¿¡ ´ëÇؼ´Â º¹±¸¿¡ µå´Â ºñ¿ëÀ» Á¤´çÈÇϱ⠾î·Æ±â ¶§¹®¿¡ ¾Æ¿¹ º¹±¸Àü·«À» ¼¼¿ìÁö ¾Ê´Â(no arrangements) °Íµµ Àü·«À¸·Î º¼ ¼ö ÀÖ´Ù.
Once the BIA is complete, you can then begin the process of identifying different recovery strategies for the various functions. Recovery strategies are entirely dependent on the the recovery timeframe associated with the function but may include one of more of the following: 쪾Self-service - A business unit can transfer work to another of its own locations which have available facilities 쪾Internal arrangement - Training rooms, cafeterias, conference rooms, etc… may be equipped to support business functions. 쪾Reciprocal agreements - Other business units may be able to accommodate those affected. This could involve the temporary suspension of non-critical functions at the business units not affected by the outage. 쪾Dedicated alternate sites - Built by your company to accommodate critical function recovery. 쪾External suppliers - A number of external companies offer facilities covering a wide range of business recovery needs. 쪾No arrangement - for low priority business functions it may not be cost justified to plan to a detailed level. The minimum requirement would be to record a description of the functions, the maximum allowable lapse time for recovery, and a list of the resources required.
º¹±¸Àü·«ÀÌ ¼ö¸³µÇ°í ³ª¸é ±× ´ÙÀ½ ´Ü°è´Â »ó¼¼°èȹÀ» ÀÛ¼ºÇÏ´Â °ÍÀÌ´Ù. °èȹ¿¡´Â °æ¿µÁø Âü¿©»Ó ¾Æ´Ï¶ó ÀÎ¸íº¸È£¸¦ Æ÷ÇÔÇÏ´Â Àλç(HR) À̽´°¡ ¾î¶»°Ô ´Ù·ïÁ®¾ß ÇÏ´ÂÁö ±â¼úµÅ¾ß ÇÏ°í ´ë³»¿Ü ä³Î, ÀÌÇØ°ü°èÀÚ¿ÍÀÇ Ä¿¹Â´ÏÄÉÀÌ¼Ç ¹æ¹ý, ±×¸®°í °ü·Ã °¢ ºÎ¼¿Í ÆÀÀÌ ¼öÇàÇØ¾ß ÇÏ´Â »ó¼¼¼öÇàÀýÂ÷(action plans)°¡ Æ÷ÇԵǰí ÀÌ °èȹ¼´Â ¿ªÇÒÀ» °®´Â °ü°èµÈ ¸ðµç Á÷¿ø¿¡°Ô ¹èÆ÷, °øÀ¯µÅ¾ß ÇÑ´Ù.
Once recovery strategies have been developed an implemented for each area, the next step is to document the plan itself. The plan includes plan activation procedures, the recovery strategies, it documents management of the recovery efforts, how human resource issues will be handled, how recovery costs will be documented and paid for, document recovery communications to internal and external stakeholders and have detailed actions plans for each team and each team member. The plan then needs to be distributed to everyone who has a role.
´ÙÀ½ ´Ü°è´Â °èȹ/ÇÁ·Î±×·¥¿¡ ´ëÇÑ Áö¼ÓÀûÀÎ Å×½ºÆ®ÀÌ´Ù. ¿©±â¼ ¸»ÇÏ´Â Å×½ºÆ®´Â ½ÇÁ¦·Î ÀÛµ¿µÇÁö ¾Ê´Â ºÎºÐ, ±â´É, °èȹÀ» ¹ß°ßÇØ ½ÃÁ¤, º¸¿ÏÇÏ´Â Áß¿äÇÏ°í, ÇÕ°Ý/ºÒÇÕ°Ý(pass/fail)À» Æò°¡Çϱâ À§ÇÑ °ÍÀÌ ¾Æ´Ï´Ù. ºñ»ó¿¬¶ô¸ÁÀ» °¡µ¿Çغ¸´Â °ÍºÎÅÍ ½Ã³ª¸®¿À¸¦ »óÁ¤ÇØ ÁøÇàÇÏ´Â Å×À̺í ž Å×½ºÆ®, ±×¸®°í ½ÇÁ¦ ´ëü»ç¾÷ÀåÀ¸·Î À̵¿ÇØ ¾÷¹«¸¦ º¹±¸ÇÏ´Â µî ¿©·¯ ÇüÅ·ΠÁøÇàÀÌ °¡´ÉÇÏ´Ù. ±×¸®°í Å×½ºÆ® ÈÄ¿¡ °á°ú¸¦ ¹®¼ÈÇÏ°í °èȹ¼¿¡ ¹Ý¿µÇÏ´Â °ÍÀÌ Áß¿äÇÏ°í, Ç×»ó °Á¶µÇ´Â °ÍÀÌÁö¸¸ ÁÖ±âÀû(Àû¾îµµ ¿¬ 1ȸ)À¸·Î °èȹ¼´Â ÃֽŠ³»¿ëÀ¸·Î ¼öÁ¤, º¸¿ÏµÅ¾ß ÇÏ°í ¸¸¾à ȸ»ç ȯ°æ, Á¶Á÷ÀÇ Áß´ë º¯È°¡ ÀÖ´Â °æ¿ì¿¡´Â Áï½Ã °»½ÅµÅ¾ß ÇÑ´Ù.
The next step is to test, test and test again. When people say test they commonly think “pass or fail”. There is no way to fail a contingency test. If we knew it all worked, we would not bother to test it. The point of a contingency test is to find out what does not work so we can fix it before it happens for real. You should test you notification process using your ENL, your event management process using table top exercise with your teams and test your alternate sites to validate that they have everything you need to do your business for real there. After each test it is important to document your results and update the plan where appropriate. Plans should be updated at least annually and more frequently if significant changes occur in a business area.
¸¶Áö¸·À¸·Î °Á¶µÅ¾ß ÇÏ´Â ºÎºÐÀº ȸ»ç ¸ðµç ±¸¼º¿øÀÌ °èȹÀ» ¼÷ÁöÇÏ´Â °ÍÀÌ´Ù. ½ÅÀÔ»ç¿ø±³À°¿¡¼µµ ÀÌ·¯ÇÑ ºñ»ó°èȹ, BCP¿¡ ´ëÇÑ ±³À°ÀÌ ÇÊ¿äÇϸç, ¾Õ¼ ¾ð±ÞÇÑ Å×½ºÆ®¸¦ ÀÌ¿ëÇØ ÀνÄÀç°í¸¦ ÇÒ ¼ö ÀÖ´Ù. Àü ÀÓÁ÷¿øÀÇ BCP¿¡ ´ëÇÑ °ü½É°ú ÀÎÁö¼öÁØÀ» ³ô¿© Ã¥ÀÓÀ» °øÀ¯ÇÏ°í Á߿伺À» ÀνĽÃÅ°´Â °ÍÀÌ ÇÙ½ÉÀÌ´Ù.
Make sure all employees are aware of the plan and its contents. Incorporate contingency planning awareness in to your new hire orientation. Conduct test with different groups. Awareness by all is the key. “Share the responsibility”
±â°íÀÚ : Ä̸® ¿ÀÄݸ®Å¸, MBCP
¹ø¿ª : À¯Á¾±â, ¿µ±¹ BCI(Business Continuity Institute) Çѱ¹´ëÇ¥, Deloitte ¾ÈÁøȸ°è¹ýÀÎ ±â¾÷¸®½ºÅ©ÀÚ¹®º»ºÎ ¸Å´ÏÀú,
BS 25999 Technical Expert (registered by BSI) ¹ø¿ª : Kelley Okolita, MBCP, is the business continuity/disaster recovery program manager for The Hanover Insurance Company. She has more than 20 years experience in BCP, from data center and business-wide perspective. Okolita has served as a chairperson of the DRI International Certification Commission, International Affairs Committee and the DRI International Board of Directors. She is a well known speaker in the industry and author of various articles. |
marketing@di-focus.com
