Successful business resiliency ensures employee safety, maintains operational continuity, and meets existing customer obligations through events that would halt an unprepared organization.
Cisco achieves resiliency through three principal areas of focus: business resiliency, incident management, and IT DR. Cisco maintains our readiness by proactively assessing operational risks, establishing contingency plans, and administering incident response training.
Cisco assesses and mitigates potential business disruptions through our Global Business Resiliency (GBR) Program. Under this program, all corporate business units are required to maintain and exercise alternate operation strategies. The Global Business Resiliency Program office validates that each business unit’s resiliency strategies are effective and meet the global policy requirements established by the program office. For critical business operations, we conduct audits of business continuity plans and moderate annual exercises to ensure their plan efficiently mitigates realistic disruptions.
Q: Describe Cisco's overall business resiliency strategy
A: The business resiliency program is committed to providing a readiness state for the company that protects Cisco's top priorities:
The Business Continuity Management policy calls for reviews, updates, and testing of Business Continuity Plans at scheduled intervals. Cisco's Business Continuity Management strategy includes prioritizing key processes and functions utilizing Business Impact Analyses for processes and Service Impact Analyses for applications supporting business processes. Each of the critical processes and applications has resiliency plans to restore their functionality.
Q: What type of scenarios or business interruptions does Cisco plan for as part of its business resiliency program?
A: As part of our best practices approach, Cisco does not plan for specific scenarios. However, the company reviews and prioritizes the recovery of the critical processes, systems, and vendors that may be impacted during any disruptive event via an all hazards approach. With this approach, we capture the relevant elements to work effectively within any scenario.
Q: Does Cisco have a dedicated team of professionals focused on business continuity and disaster recovery?
A: Yes, Cisco has a dedicated Global Risk Management department within the finance organization. One of this department's responsibilities is governance of the cross-functional teams to ensure adherence to business continuity plans and testing. Another department, Safety, Security, and Business Resiliency, is responsible for Cisco's incident management program, and helps ensure the proper programs and operations are in place to support Cisco's Business Continuity Management strategy and execution. Both Global Risk Management and Safety, Security and Business Resiliency partner with various business functions to address the immediate crisis and ensure the continuation of Cisco's business.
Q: In the event of a disaster or significant disruption, does Cisco have documented business continuity plans?
A: Yes, Cisco maintains a set of business continuity plans to help us prepare and react appropriately if faced with external events outside of our control that could disrupt our business. In the event of a disruption, Cisco has a multitiered incident management program that is designed to assess and deal with potential disruptions globally. The program guides decision points for the activation and execution of recovery plans for processes and functions.
Q: In the event of a disaster or significant disruption to critical business processes, does Cisco have documented plans for recovering critical business processes and IT?
A: Yes, Cisco's business continuity plans are designed to recover critical business processes and functions identified in our Business Impact Analyses. In addition, Service Resiliency Plans (SRPs) for recovering IT services that support critical business processes are based on a prioritization process based on their criticality as identified in the Business Impact Analyses. Cisco IT supporting services are categorized into five criticality bands to help ensure the most critical supporting services have documented plans in place to meet the associated service level agreements.
Q: Has Cisco incorporated any specific guidelines or provisions for pandemic influenza in their business continuity plans?
A: Cisco maintains a cross-functional Pandemic Influenza Global Planning Committee to address business, customer, and employee concerns. Led by Safety, Security and Business Resiliency and Global Risk Management, this team includes Cisco representatives from human resources including medical, communications, legal, workplace resources, environmental health and safety, global protective services, and information technology.
The Pandemic Influenza Global Planning Committee is responsible for maintaining the pandemic plan, which includes response plans, communication strategies, and educational awareness. Cisco regularly monitors pandemic-related information and alerts from the Centers for Disease Control (CDC) and the World Health Organization (WHO).
Q: Describe Cisco's process for reviewing and signing off on business continuity plans
A: Cisco's business continuity plans are reviewed and approved by the sponsors of each of the business functions for which plans have been implemented. The plans are also reviewed by Cisco's internal audit teams and as part of select external audits.
Q: How often does Cisco update or review its business continuity plans?
A: It is the responsibility of each business plan owner to complete an annual review and update appropriately. If a material change occurs in the business operations, the plans are to be updated sooner.
Q: Will Cisco provide customers with a copy of the current business continuity plans?
A: Because of the confidential nature of the material they contain, Cisco does not share its business continuity plans with individuals outside the organization. Under certain circumstances, and with non-disclosure agreements (NDAs) in place, Cisco is willing to provide summary information or meet with parties interested in discussing specific parts of the plans.
Q: In the event of a disaster, does Cisco have business continuity plans to address services and products provided to customers that can meet their business recovery requirements?
A: Cisco maintains a network of 24-hour Technical Assistance Centers (TACs) and service parts distribution centers to provide services and support to customers. These globally distributed centers are able to balance a peak workload if one or more sites are impaired. Regional business continuity plans are in place to support and recover global TAC operations.
Q: What is Cisco's overall business resiliency testing strategy?
A: Business continuity plans are tested as part of a maintenance process by each of the business owners. Data restoration plans are also tested in conjunction with business operations and are embedded as part of IT operations teams. When new business operations are established, table top tests are performed as part of the plan development and initial implementation stage.
Once tests are complete, there are corrective actions for any observed deficiencies. Business continuity plans are approved by management following each update. Each business continuity team is expected to conduct an annual exercise. Exceptions can be made only when a team has responded to an actual event during the course of the year which invoked its business continuity plan.
Q: Do internal or external auditors review Cisco's business continuity and disaster recovery tests?
A: Yes, internal and external auditors may review business continuity plan and SRP test results as a part of annual audit activities.
Q: How often does Cisco test its business continuity plans?
A: Business continuity plans are tested when the plans are first created, and as part of annual update and maintenance cycles.
Q: Will Cisco share its test results or conduct joint tests with customers?
A: Cisco's test results are proprietary and are not shared with external parties. We generally do not engage in joint testing, except as it relates to our suppliers, vendors, and critical partners.
Q: Does Cisco have a documented company-level incident management plan that covers internal and external communications during a disruption?
A: Yes, Cisco has a global incident management plan in place, as well as incident management teams at the executive, global, regional, and local levels. These teams make and direct strategic decisions based on input from the functional team representatives. The incident management teams have functional representatives from more than 17 different groups within Cisco.
An activated incident management team serves as the focal point for information gathering and decision making for the execution of the incident management response. Internal and external communications are addressed as part of these plans and specific teams are dedicated to addressing communications needs. The functional incident management teams have responsibility for declaring a disaster within Cisco and invoking the business continuity plans as needed.
Q: How will customers be notified if a disaster at Cisco were assessed as affecting contracted services and products?
A: Your Cisco sales account team will be your primary point of contact and will be responsible for communications about any Cisco business impairment that could impact customers directly. Communications are initiated within the Incident Management Team and managed as part of the Incident Management Team communications plans.
Q: Will Cisco provide a copy of its incident management plan?
A: Because the material is confidential, Cisco does not share its response plan with individuals outside the organization. Under certain circumstances, with the appropriate nondisclosure agreements in place, Cisco is willing to provide summary information or meet with parties interested in discussing specific parts of the plan.
Q: Does Cisco have a system recovery plan for critical systems?
A: Cisco has developed disaster recovery plans for critical applications and services supporting business processes. Additionally, system redundancy is built into the infrastructure of the data systems.
Q: Does Cisco have an alternative site location for data center recovery purposes?
A: Cisco operates development and production data centers around the world. As part of the company's global data center strategy, the company has adopted a paired data center model with a specific architecture to allow maximized network and application resiliency. Prioritization based on the five criticality bands governs aggregated outage and data triage.
In the event of a major disaster, Cisco's key environments can failover to disaster recovery facilities located in Raleigh, North Carolina.
Q: What is Cisco's expected recovery time for your critical business functions?
A: Cisco's recovery time objectives (RTO) are set by identifying which of the five criticality bands the business process falls within via the Business Impact Analysis. These RTOs are based on mission critical operations that include customer support, production, and revenue generation.
Q: Is Cisco's main IT facility or data center located in the same building or office complex occupied by your main business or operations staff?
A: No, Cisco operates development and production data centers worldwide. Most production is run out of North America where there are two primary data centers in San Jose, California, one in Mountain View, California, and two in Richardson, Texas. Some production is also run out of a pair of data centers in Amsterdam. While some of these are co-located with other Cisco offices, others are standalone. IT operations and teams are global and can support local or remote production data centers.
Q: Does Cisco have a workplace recovery plan for its critical sites?
A: Cisco's main campus is spread out over 40 buildings in San Jose, California. In addition, key operations are distributed globally at campus locations. Due to this dispersion of locations, our plans provide flexibility in relocation strategies and are not tied to single sites. We do not employ commercial recovery sites.
Q: Do Cisco's recovery plans cover all sites that you provide contracted services and products from?
A: Yes, our recovery plans for critical processes or functions including customer support (TAC), service logistics, and distribution are on a 24-hour customer support model. Each global site in which a critical function or process resides is included in the function's recovery plans.
Q: Describe the relevant geographical distances pertaining to Cisco's backup facilities
A: Cisco's primary data centers in San Jose, California, and Richardson, Texas are geographically distinct from our alternate data center in Raleigh, North Carolina. Additionally we have production data centers distributed globally supporting regions of our global operations. Data center locations in the United States are staffed by IT operations. Business operations are located in separate buildings across our sites.