CBK#8 Business Continuity Planning & Disaster Recovery Planning

BCP / Business Continuity Planning
Prime elements:
- Scope and Plan Initiation
- Business Impact Assessment
- Business Continuity Plan Development
- Plan Approval and Implementation

Scope and Plan Initiation:
Marks the beginning of the BCP process.
It entails creating the scope for the plan.

Roles and Responsibilities -
The BCP Committee:
Should be formed and given the responsibility to create, implement and test the plan.
Is made up of representatives from senior management, all functional business units, information systems and the security administrator.
Senior Management's Role:
Is ultimately responsible for all four phases of the plan.

BIA / Business Impact Assessment:
Is a process used to help business units understand the impact of a disruptive event.
The impact may be financial (quantitative) or operational (qualitative, such as the inability to respond to customers).
A vulnerability assessment is often a part of the BIA process.
It identifies the company's critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of a disaster or disruption.

Three primary goals of BIA -
- Criticality Prioritization:
Every critical business unit process must be identified and prioritized and the impact of a disruptive event must be evaluated.
- Downtime Estimation:
Estimates the MTD / Maximum Tolerable Downtime that the business can tolerate and still remain a viable company.
- Resource Requirements:
The resource requirements for the critical processes are also identified at this time, with the most time-sensitive processes receiving the most resource allocation.

Four steps of BIA -
- Gathering the needed assessment materials:
Identifying which business units are critical to continuing an acceptable level of operations.
- Performing the vulnerability assessment:
Is smaller than a full risk assessment and is focused on providing information that is used solely for the BCP or DRP.
One of its functions is to conduct a loss impact analysis.
Critical support areas must be defined.
- Analyzing the information compiled:

CISSP Summary 2002

Contact:

E-mail: john.wallhoff@mailbox.swipnet.se
Written by: J.Wallhoff January - April 2002
Updated by: J.Wallhoff April 2002