Business Continuity Plan
https://store.theartofservice.com/the-business-continuity-plan-toolkit.html
Business continuity planning
A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime.
Any event that could impact operations is included, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). As such, risk management must be incorporated as part of BCP.
In December 2006, the British Standards Institution (BSI) released an independent standard for BCP — BS 25999-1. Prior to the introduction of BS 25999, BCP professionals relied on information security standard BS 7799, which only peripherally addressed BCP to improve an organization's information security procedures. BS 25999's applicability extends to all organizations. In 2007, the BSI published BS 25999-2 "Specification for Business Continuity Management", which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).
Business continuity management is standardised across the UK by British Standards (BS) through BS 25999-2:2007 and BS 25999-1:2006. BS 25999-2:2007 business continuity management is the British Standard for business continuity management across all organizations. This includes industry and its sectors. The standard provides a best practice framework to minimize disruption during unexpected events that could bring business to a standstill. The document gives you a practical plan to deal with most eventualities – from extreme weather conditions to terrorism, IT system failure and staff sickness. (British Standards Institution, 2006)
This document was superseded in November 2012 by the British standard BS ISO22301:2012. (British Standards Institution, 2012)
In 2004, following crises in the preceding years, the UK government passed the Civil Contingencies Act 2004 (The Act). This provides the legislation for civil protection in the UK.
The Act was separated into two distinct parts: Part 1 focuses on local arrangements for civil protection, establishing a statutory framework of roles and responsibilities for local responders. Part 2 focused on emergency powers, establishing a modern framework for the use of special legislative measures that might be necessary to deal with the effects of the most serious emergencies.
The Act is telling responders and planners that businesses need to have continuity planning measures in place in order to survive and continue to thrive whilst working towards keeping the incident as minimal as possible. (Cabinet Office, 2004)
Business continuity planning - Business impact analysis (BIA)
A Business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions/activities. Critical functions are those whose disruption is regarded as unacceptable. Perceptions of acceptability are affected by the cost of recovery solutions. A function may also be considered critical if dictated by law. For each critical (in scope) function, two values are then assigned:
* Recovery Time Objective (RTO) – the acceptable amount of time to restore the function
The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded. The Recovery Time Objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.
Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:
* The business requirements for recovery of the critical function, and/or
* The technical requirements for recovery of the critical function
Business continuity planning - Threat and risk analysis (TRA)
After defining recovery requirements, each potential threat may require unique recovery steps. Common threats include:
The impact of an epidemic can be regarded as purely human, and may be alleviated with technical and business solutions. However, if people behind these plans are affected by the disease, then the process can stumble.
During the 2002–2003 SARS outbreak, some organizations grouped staff into separate teams, and rotated the teams between primary and secondary work sites, with a rotation frequency equal to the incubation period of the disease. The organizations also banned face-to-face intergroup contact during business and non-business hours. The split increased resiliency against the threat of quarantine measures if one person in a team was exposed to the disease.
Business continuity planning - Impact scenarios
After defining threats, impact scenarios form the basis of the business recovery plan. In general, planning for the most wide-reaching impact is preferable. A typical impact scenario such as "building loss" encompasses most critical business functions. A BCP may document scenarios for each building. More localized impact scenarios – for example loss of a specific floor in a building – may also be documented.
Business continuity planning - Recovery requirement
After the analysis phase, business and technical recovery requirements precede the solutions phase. Asset inventories allow for quick identification of deployable resources. For an office-based, IT-intensive business, the plan requirements may cover desks, human resources, applications, data, manual workarounds, computers and peripherals.
Other business environments, such as production, distribution, warehousing etc. will need to cover these elements, but likely have additional issues.
Business continuity planning - Solution design
The solution design phase identifies the most cost-effective disaster recovery solution that meets two main requirements from the impact analysis stage. For IT purposes, this is commonly expressed as the minimum application and data requirements and the time in which the minimum application and application data must be available.
Outside the IT domain, preservation of hard copy information, such as contracts, skilled staff or restoration of embedded technology in a process plant must be considered. This phase overlaps with disaster recovery planning methodology. The solution phase determines:
* crisis management command structure
* telecommunication architecture between primary and secondary work sites
* applications and data required at the secondary work site, and
* physical data requirements at the secondary work site.
Business continuity planning - Implementation
The implementation phase involves policy changes, material acquisitions, staffing and testing.
Business continuity planning - Testing and organizational acceptance
The purpose of testing is to achieve organizational acceptance that the solution satisfies the recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws or solution implementation errors. Testing may include:
* Crisis command team call-out testing
At minimum, testing is conducted on a biannual schedule.
The 2008 book Exercising for Excellence, published by The British Standards Institution, identified three types of exercises that can be employed when testing business continuity plans.
Business continuity planning - Tabletop exercises
Tabletop exercises typically involve a small number of people and concentrate on a specific aspect of a BCP. They can easily accommodate complete teams from a specific area of a business.
Another form involves a single representative from each of several teams. Typically, participants work through a simple scenario and then discuss specific aspects of the plan. For example, a fire is discovered out of working hours.
The exercise consumes only a few hours and is often split into two or three sessions, each concentrating on a different theme.
Business continuity planning - Medium exercises
A medium exercise is conducted within a "Virtual World" and brings together several departments, teams or disciplines. It typically concentrates on multiple BCP aspects, prompting interaction between teams. The scope of a medium exercise can range from a few teams from one organisation co-located in one building to multiple teams operating across dispersed locations. The environment needs to be as realistic as practicable and team sizes should reflect a realistic situation. Realism may extend to simulated news broadcasts and websites.
A medium exercise typically lasts a few hours, though it can extend over several days. Medium exercises typically involve a "Scenario Cell" that adds pre-scripted "surprises" throughout the exercise.
Business continuity planning - Complex exercises
A complex exercise aims to have as few boundaries as possible. It incorporates all the aspects of a medium exercise. The exercise remains within a virtual world, but maximum realism is essential. This might include no-notice activation, actual evacuation and actual invocation of a disaster recovery site.
While start and stop times are pre-agreed, the actual duration might be unknown if events are allowed to run their course.
Business continuity planning - Maintenance
Maintenance of a BCP manual, on a biannual or annual cycle, is broken down into three periodic activities.
* Confirmation of information in the manual, roll out to staff for awareness and specific training for critical individuals.
* Testing and verification of technical solutions established for recovery operations.
* Testing and verification of organization recovery procedures.
Issues found during the testing phase often must be reintroduced to the analysis phase.
Business continuity planning - Information/targets
The BCP manual must evolve with the organization. Activating the call tree verifies the notification plan's efficiency as well as contact data accuracy. Types of changes that should be identified and updated in the manual include:
* Organization structure changes
* Communication and transportation infrastructure such as roads and bridges
Business continuity planning - Technical
Specialized technical resources must be maintained. Checks include:
* Application security and service patch distribution
Business continuity planning - Testing and verification of recovery procedures
As work processes change, previous recovery procedures may no longer be suitable. Checks include:
* Are all work processes for critical functions documented?
* Have the systems used for critical functions changed?
* Are the documented work checklists meaningful and accurate?
* Do the documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective?
Business continuity planning - Notes
* Elliot, D.; Swartz, E.; Herbane, B. (1999). Just waiting for the next big bang: business continuity planning in the UK finance sector. Journal of Applied Management Studies, Vol. 8, No, pp. 43–60. Here: p. 48.
* Intrieri, Charles (10 September 2013). "Business Continuity Planning". Flevy. Retrieved 29 September 2013.
* British Standards Institution (2006). Business continuity management – Part 1: Code of practice. London.
* British Standards Institution (2012). Societal security – Business continuity management Systems – Requirements. London.
* Cabinet Office. (2004). overview of the Act. In: Civil Contingencies Secretariat Civil Contingencies Act 2004: a short. London: Civil Contingencies Secretariat.
Business continuity planning - Bibliography
* Business Continuity Planning, FEMA. Retrieved: June 16, 2012.
* Continuity of Operations Planning (no date). U.S. Department of Homeland Security. Retrieved July 26, 2006.
* Purpose of Standard Checklist Criteria For Business Recovery (no date). Federal Emergency Management Agency. Retrieved July 26, 2006.
* NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs — PDF (2010). National Fire Protection Association.
* United States General Accounting Office Y2k BCP Guide (August 1998). United States Government Accountability Office.
Business continuity planning - International Organization for Standardization
* ISO/IEC 27001:2005 (formerly BS 7799-2:2002) Information Security Management System
* ISO/IEC 27002:2005 (renumerated ISO17999:2005) Information Security Management – Code of Practice
* ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity
* ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management
* ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
* ISO 22301:2012 Societal security - Business continuity management systems - Requirements
* ISO 22313:2012 Societal security - Business continuity management systems - Guidance
Business continuity planning - British Standards Institution
* BS 25999-1:2006 Business Continuity Management Part 1: Code of practice
Business continuity planning - Others
* "A Guide to Business Continuity Planning" by James C. Barnes
* "Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer
* "Business Continuity Plan Design, 8 Steps for Getting Started Designing a Plan" by Richard Kepenach
* "Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell
* Harney, J. (2004). Business continuity and disaster recovery: Back up or shut down.
* Dimattia, S. (November 15, 2001). Planning for Continuity. Library Journal, 32–34.
* Exercising for Excellence (Delivering successful business continuity management exercises) by Crisis Solutions
Crisis management - Business continuity planning
When a crisis will undoubtedly cause a significant disruption to an organisation, a business continuity plan can help minimize the disruption.
Each critical function and/or process must have its own contingency plan in the event that one of the functions/processes ceases or fails. The business/organisation is then more resilient, which in itself provides a mechanism to lessen the possibility of having to invoke recovery plans (Osborne, 2007). Testing these contingency plans by rehearsing the required actions in a simulation will allow those involved to become more acutely aware of the possibility of a crisis. As a result, and in the event of an actual crisis, the team members will act more quickly and effectively.
A note of caution when planning training scenarios: all too often simulations can lack ingenuity and an appropriate level of realism, and as a consequence potentially lose their training value. This can be improved by employing external exercise designers who are not part of the organisational culture and are able to test an organisation's response to crisis, in order to bring about a crisis of confidence for those who manage vital systems (Borodzicz, Edward P. (2005). Risk, Crisis Security Management).
Following a simulation exercise, a thorough and systematic debriefing must be conducted as a key component of any crisis simulation. The purpose of this is to create a link and draw lessons from the reality of the simulated representation and the reality of the real world (Borodzicz, 2005).
The whole process relating to business continuity planning should be periodically reviewed to identify any number of changes that may invalidate the current plan (Osborne, 2007).
Facility management - Business continuity planning
All organisations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organisations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.
Disaster recovery plan - Relationship to the Business Continuity Plan
The Institute further states that a Business Continuity Plan (BCP) consists of the five component plans (Chad Bahan, "The Disaster Recovery Plan", http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164):
* Business Resumption Plan
* Continuity of Operations Plan
The Institute states that the first three plans (Business Resumption, Occupant Emergency, and Continuity of Operations Plans) do not deal with the IT infrastructure. They further state that the Incident Management Plan (IMP) does deal with the IT infrastructure, but since it establishes structure and procedures to address cyber attacks against an organization's IT systems, it generally does not represent an agent for activating the Disaster Recovery Plan, leaving The Disaster Recovery Plan as the only BCP component of interest to IT.
The Disaster Recovery Institute International states that disaster recovery is the area of business continuity that deals with technology recovery as opposed to the recovery of business operations. (Disaster Recovery Institute International. Course BCLE 2000. Participant Guide: Professional Practice 6. Page 17. 2012.)
Facilities management - Business continuity planning
All organizations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organizations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.
Emergency procedure - Business Continuity Planning
Business continuity planning may also feed off of the emergency procedures, enabling an organization to identify points of vulnerability and minimise the risk to the business by preparing backup plans and improving resilience. The act of producing the procedures may also highlight failings in current arrangements that, if corrected, could reduce the risk levels.