Your Proposal:
ITDR Project 2025

At Fixinc, we understand the importance of a solid foundation for every program we initiate. That's why we prioritise an Engagement Meeting, facilitated by our experienced Program Manager. This meeting is a crucial first step to ensure alignment and set clear expectations for all parties involved.

Meeting Details

Facilitation:

Your Program Manager will lead the Engagement Meetings, ensuring a structured and productive session. The meetings will take place on site at the university.

Attendees:

The meetings should be attended by yourself and any key program sponsors. These are individuals who will be significantly involved in the program's roll-out and success and colleagues you expect us to have a high degree of interaction with. In some scenarios, clients invite a member of an executive team should it be valuable to ensure this person is confident in the implementation plan (a great way to get initial buy-in).

Duration:

The meetings typically lasts one hour, providing ample time to cover all essential topics.

The Agenda will include:

1) Introduction:

• Welcome and introductions
• Overview of Fixinc and the program's purpose

2) Discussion Points:

• Scope of Work: A detailed discussion on the scope of the program to ensure clarity and mutual understanding.
• Priorities and Responsibilities: Identifying and assigning key priorities and responsibilities to ensure a smooth workflow.
• Approximate Timescales: Reviewing the tentative timeline for program milestones and deliverables.
• Client Portal Review: A walk-through of the Client Portal, highlighting its features and how it will be used for program management and communication as well as setting up your accounts.
• Program Outcomes and Objectives: Confirming the desired outcomes and objectives to ensure alignment with the client's vision.
• Next Steps: Outlining the immediate next steps following the meeting to maintain momentum.

3) Q&A Session:

• Dedicated time for questions and answers to address any concerns or uncertainties.

Logistics

Timing:

The meeting are scheduled within 7 days of accepting the proposal. This prompt scheduling helps maintain momentum and ensures a timely start to the program.

Rescheduling:

We understand that schedules can change. Therefore, there are opportunities to reschedule if necessary, ensuring all key participants can attend.

Follow-Up:

Minutes from the meetings will be meticulously documented and shared via the Client's Portal. Additionally, the call will be recorded using the chosen meeting software for future reference, all found via the Implementation section of your Client Portal.

Conclusion

The engagement meetings are designed to establish a strong foundation for the program, ensuring all parties are aligned and ready to proceed. With clear communication, defined objectives, and a dedicated time for questions, we aim to set the stage for a successful collaboration.

Review Establishment

Fixinc will create tailored review objectives which will act as a guide to the development of review criteria with a focus on key business functions and program priorities. Review objectives may be based around:

• Compliance with specific guidelines or standards.
• Adequacy and scope of existing preparations.
• Structure, integration and usability of existing measures.
• Current capabilities and preparedness.
• Alignment with overall strategic objectives.

Documentation Review

Fixinc will evaluate crucial aspects of the program by examining existing documentation and records for all pertinent business units, employing the predefined criteria. The review documentation may encompass:

• Policy and framework documentation
• Recovery Plans and BCP documentation
• BIA and risk assessments
• Training and testing documentation
• Other risk management documentation

Interview Facilitation

Fixinc will facilitate 1-hour remote interviews with key representatives from selected business units. Interviews will predominately assess cultural, awareness, and communication considerations, including past experiences and previous engagement in the program.

The interview process will reinforce consultative buy-in for the business continuity program and assist in identifying functional components working well and what could be improved.

Review Outcomes

The Fixinc review program will identify critical areas for improvement by tailoring review objectives, uncover documentation gaps through a thorough examination of existing materials, and enhance stakeholder engagement by facilitating interviews that foster greater commitment to the business continuity program.

The Framework will define the implementation and management approach for the ITDR  Program and align it with best practice standards or guidelines.

The framework will include:

Purpose and Scope

• Purpose: Clear statement of the purpose of the framework.
• Scope: Defines the coverage of the framework, including business functions, geographic locations, and any exclusions.

Objectives

• ITDR Objectives: Specific goals that the framework aims to achieve, such as minimizing downtime and ensuring recovery expectations.

Roles and Responsibilities

• Leadership Roles: Identification of individuals or teams responsible for oversight and implementation of the ITDR plan.
• Staff Responsibilities: Roles of employees in executing and maintaining the ITDR measures.

Business Impact Analysis (BIA)

• Critical Business Functions: Identification and prioritization of critical business processes.
• Impact Assessment: Evaluation of the potential impact of disruptions on business operations.

Risk Assessment

• Risk Identification: Potential risks that could disrupt business operations.
• Risk Mitigation Strategies: Measures to reduce the likelihood and impact of identified risks.

ITDR Strategies

• Recovery Strategies: Detailed plans for restoring critical business functions.
• Resource Allocation: Identification of necessary resources (personnel, technology, facilities).

Recovery Plans

• Detailed Recovery Procedures: Step-by-step procedures for recovering business operations.
• Timeframes: Estimated recovery times for critical functions.

Training and Awareness

• Training Programs: Regular training schedules for staff on business continuity procedures.
• Awareness Campaigns: Initiatives to keep all employees informed about business continuity practices.

Testing and Exercising

• Test Types: Different types of tests (e.g., tabletop exercises, full-scale drills).
• Frequency: Regular testing schedules to ensure plans are effective and up-to-date.

Plan Maintenance

• Review Cycle: Regular review and update schedules for the business continuity plan.
• Continuous Improvement: Mechanisms for incorporating lessons learned from tests and actual incidents.

Compliance and Audit

• Regulatory Requirements: Adherence to relevant laws, regulations, and industry standards.
• Audit Processes: Regular audits to ensure compliance and effectiveness of the ITDR plan.

A clear understanding of your key priorities and dependencies are essential to build effective business continuity strategies.  To achieve this, Fixinc will develop a Business Impact Analysis (BIA) through the facilitation of consultative interviews with business unit representatives.

For each area of the business that undertakes the BIA, outcomes of the BIA process will include confirmation of:

• All mission-critical functions
• Allowable outages and recovery timeframes for each critical function
• Resource requirements and critical dependencies

As part of the BIA process, Fixinc will also facilitate a threat assessment using our proprietary threat forecasting tools to assess relevant business continuity vulnerabilities and plausible disruption scenarios that may impact critical business functions, as identified in the BIAs. This will include:

• Prioritise the organisation’s products and services by determining the MTPD for each.
• Prioritise the process or processes required to deliver the organization’s most urgent products and services, including identification of the activities that make up those processes, if required.
• Prioritise the activities that deliver the most urgent products and services, and determine the resources required for the continuity of these activities following an incident, as well as their interdependencies.
• Perform a final analysis or consolidation of analyses which should lead to the determination of business continuity requirements.
• Identification and categorisation of disruption related threats.
• Review of likely causes, existing controls and potential impacts.
• Prioritisation of all identified risks based on likelihood and impact ratings.
• Grouping and prioritisation of risks into key disruption scenarios.

The ITDR plan will include simple and easy-to-use documentation in the form of action plans covering business recovery and resumption considerations for all relevant disruption scenarios. Plans will also closely align with existing crisis management, emergency management, risk management, IT and operational measures to ensure an integrated outcome.

This will deliver a standardised and integrated protocol for dealing with business disruptions and will include:

• Establishment of required command and control structures, including management roles and responsibilities.
• Communication strategies and supporting templates.
• Incident Assessment tools to measure the severity of an event.
• Impact assessment tools to measure the scale and nature of damage to business operations.
• Practical checklists for immediate operational tasks and escalation procedures to aid with decisions.
• Staff management plans to assist with relocations and recovery of work priorities.
• Resource management plans to effectively coordinate recovery efforts.
• Identification of alternate accommodation and process workarounds.
• Recovery strategies in the form of highly practical checklists, supported by reference procedures.
• Resumption strategies to resume business as usual operations.
• Other supporting tools, documents, and reference materials.

Suitable for staff with overall incident management responsibilities. The 3-hour modular Leadership Program is an industry first management course specifically designed to build awareness, critical skills, and incident leadership capabilities of your team using the latest experiential learning techniques and real-world case studies. Fixinc’s Learning and Development division will organise all pre-training bookings and complete training participant records for all sessions.

The session will deliver the following key outputs:

Understand the current threat Environment:

•  World Economic Forum Report 
• Focused Risks
• Risk Activity

Identify Incident Management Principles:

•  Incident Response Diamond 
• What is an Incident
• Phases of an Incident
•  Incident assessment activity

Demonstrate use of the Incident Management Plan:

•  Initial Actions
• Active Resources
• Manage the Incident
• Stand Down
• Post Incident Review
• Situational Awareness Activity

Disaster Recovery Testing

Testing Disaster Recovery plans and procedures is essential to:

• Confirm the IT Disaster Recovery procedures are accurate.
• Confirm timeframes regarding the restoration of data and recovery of systems.
• Build familiarisation with staff roles, responsibilities, processes and available tools.
• Identify practical program improvements.
• Provide a high level of stakeholder confidence in recovery capabilities.

Working with the IT team, Fixinc will implement a structured program of IT component testing to be conducted at the organisation’s disaster recovery site. This process will include:

Test Plan 

Fixinc will develop a test strategy, outlining all required details for the test program which will include:

• Test objectives.
• Test methodology.
• Test scope and scale.
• Components to be tested.
• Roles and responsibilities. 
• Resource requirements. 
• Timeframes and timescales.
• Test risks and mitigations.
• Performance criteria.

Test Establishment

Fixinc will establish and setup all requirements for the test program, including:

• Development of test runs sheets with all exercise inputs and interactions.
• Engagement of internal and external exercise participants.
• Setup of sites and required equipment.
• Facilitation of test participant briefings.

Test Facilitation

Prior to, and during, the test program, Fixinc’s role will be to: 

• Coordinate, setup, brief and facilitate the testing program from start to finish.
• Observe the effectiveness of IT restore and recovery process. 
• Ensure all issues are identified in tests as they occur.

Test Completion

On completion of the testing program Fixinc will provide:

• Facilitation of debriefs following the test.
• A test report outlining key activities undertaken, performance against established criteria and identification of key deficiencies to be addressed.
• Recommendations to further improve the program.
• Follow up and implementation support as required.
• Endorsement and compliance reports on successful completion.

The travel expenses may include but are not limited to transportation fees, accommodation charges, and meal expenses necessary for the Fixinc member/s presence at the Client’s site, calculated from the Fixinc NZ Office location. Fixinc is committed to charging fair and reasonable travel expenses that are relevant to the program and Client’s location in relation to the closest Fixinc office.