...Business Continuity Planning There are a few different definitions of Business Continuity Planning. Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation. Business continuity plan is a collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster. Whatever the definition, every business needs to have a continuity plan in case something happens to their data and information. A business continuity plan is different to a Disaster Recovery plan in that a disaster recovery plan is enacted after the disaster has happened. “A typical Business continuity plan includes: * Plans, measures and arrangements to ensure the continuous delivery of critical services and products, which permits the organization to recover its facility, data and assets. * Identification of necessary resources to support business continuity, including personnel, information, equipment, financial allocations, legal counsel, infrastructure protection and accommodations.”1 Business continuity planning needs to cover the company during a disruption in service from a disaster. The plan should cover all of the following such events: a. Equipment malfunction b. Disruption of power c. Application failure or corruption of the database d. Human error, sabotage or strike e. Malicious software f. Hacking ...
Words: 678 - Pages: 3
...involve the identification, selection, implementation, testing and updating of processes and specific actions necessary to prudently protect critical business processes from the effects of major system and network disruptions and to ensure the timely restoration of business ops if significant disruptions occur BCP and DRP BIA stands for Business Impact Analysis MTD stands for Maximum Tolerable Downtime first step in building BC program Project initiation and management activities of project initiation and mgmt 1) obtain senior mgmt support 2) define a project scope, the objectives to be achieved and planning assumptions 3) estimate the project resources needed (human and financial) 4) Define a timeline and major deliverables Senior leadership's two major goals 1) Grow the business 2) Protect the brand What are the risks to a corporation for not having BC/DRP? 1) Financial 2) Reputational 3) Regulatory Formula for calculating financial risk P * M = C P: Probability of harm M: Magnitude of harm C: Cost of prevention Prudent man rule exercise the same care in managing the company affairs as in managing one's own affairs 1. Which of the following is considered the most important component of the enterprisewide continuity planning program? c. Executive management support 2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security ...
Words: 2067 - Pages: 9
...The Cost of Business Continuity Planning Versus the Potential of Risk Though the cost of mitigating risk can be high, the lack of proper business continuity planning and disaster recovery planning will leave a company at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for its operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk of having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses its Information Systems to generate revenue. If a company is affected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887). As history has shown, our world has and will continue to experience many destructive events such as floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three...
Words: 2924 - Pages: 12
...– Assessment Worksheet Perform Business Continuity Implementation Planning Course Name and Number: Student Name: Instructor Name: Lab Due Date: 6 Perform Business Continuity Implementation Planning Overview In this lab, you were asked to begin the business continuity planning process for an e-commerce company, Online Goodies. You reviewed the key business functions and a prioritized list of impacted IT systems, applications, and data provided by your supervisor. You also compared the components of the major documentation required by the business continuity planning process: risk analysis, business impact analysis, business continuity plan, disaster recovery plan, and the business continuity implementation plan. Lab Assessment Questions & Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations. Risk analysis doesn’t view the organization from the mission critical Business Process point of view. BIA the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery plan is have a full access to recover any lost data or essentials after a disaster while the business continuity is having whatever bare bones essentials...
Words: 681 - Pages: 3
...that: - Identifies essential missions and business functions and associated contingency requirements; - Provides recovery objectives, restoration priorities, and metrics; - Addresses contingency roles, responsibilities, assigned individuals with contact information; - Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; - Addresses eventual, full information system restoration without deterioration of the security measures originally planned and implemented; and - Is reviewed and approved by designated officials within the organization; b. Distributes copies of the contingency plan to [Assignment: organization-defined list of key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinates contingency planning activities with incident handling activities; d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency]; (Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations) e. Revises the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; and f. Communicates...
Words: 914 - Pages: 4
...Assessment Worksheet Perform Business Continuity Plan Implementation Planning Course Name & Number: ________ Student Name: ________ Instructor Name: ________ Lab Due Date: ________ Overview The instructor will lead the class in discussions pertaining to a business continuity plan. Key elements of a business continuity plan starting with a risk analysis, business impact analysis, and alignment of critical business functions and processes will be discussed. Students will craft a business continuity implementation plan outline as part of this lab’s deliverables. Lab #6 Assessment Questions & Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? 2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan? Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All Rights Reserved. Current Version Date: 02/11/2012 Student Lab Manual 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? 4. What is the main difference between a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP)? 5. What is the...
Words: 380 - Pages: 2
...Task 1(C) Implementation Plan • Formally assign ownership of field level IT Business Continuity initiatives to IT division CIO’s with an indirect ownership to IT Business Continuity to assure comprehensiveness of division level Business Continuity program requirements. • Provide the necessary resources and subject matter experts in the field of business continuity for each of the organization’s operational groups. • Mandate, define, develop, and implement the processes necessary to conduct a comprehensive risk assessment necessary to identify and define the potential risks and vulnerabilities to the decentralized information system infrastructure components, as similarly conducted for the Regional Data Centers, with the further requirements as mandated by HIPAA. • Perform risk management processes for the field level entities and their information system infrastructure, in order to prioritize and rank risks for mitigation purposes. • Conduct Application Impact Assessment (AIA) at field level facilities to identify and measure the effect of information system infrastructure resource loss and escalating losses over time in order to provide the business with reliable data upon which to base decisions concerning risk, hazard and vulnerability mitigation, recovery strategies, and continuity planning, as well as to provide application and data criticality analysis as addressed by the HIPAA Security Rule. • Implement mitigation...
Words: 639 - Pages: 3
...University Continuity Planning Overview CIS-359: Disaster Recovery Management October 29, 2015 Introduction: This paper will briefly expound upon the lead position or manager’s role of a healthcare company. It will provide a list of responsibilities a business continuity manager is expected to perform, how to build the framework for and execute a business continuity plan, and also display a chart that pertains to giving a BCP presentation. Explain four high-level activities that aid in the initiation of a viable business continuity plan. The role of an experienced business continuity manager in a healthcare business must identify and implement all aspects of the business’s business continuity plan or BCP. To remain in accordance with the BCP, in preparation for disaster, from the start date, while it is in ongoing stages, and also afterward. Business continuity managers work directly and strategically with the in-house BCM (Business Continuity Management) division, the business owner, and also the BCM’s guidance and/or steering committee. They are expected to supervise, utilize paramount communication skills, monitoring the efficiency and progress of those team members and/or subordinates who report directly to the business continuity manager. In a healthcare environment, an efficient and thorough business continuity leader structures accountability framework by working close-knit with the business’ IT department, existing business managers...
Words: 1125 - Pages: 5
...ISS 310 Mr. Behboodi CCSD Business Continuity Plan Assignment 2 03/22/2016 The business continuity planning (BCP) is the creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster. When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. This strategy can be comprised of a basic 4 part setup with an array of sub categories within these guidelines. The type of business that I will be making a mock example for would be an IT business. This paper will also explain the composition of the 4 parts of a BCP. The battle plan. Consisting of 4 parts, Business impact analysis, plan development and testing and Exercises. Part 1 the business continuity impact analysis picks up on the problems resulting from negative effects of a normal business function and processes. This makes it easier to fix and rectify the problem down the road. Also conducting a workshop to instruct business function and process managers how to complete the business impact analysis. Once finishing a basic training for management level employees, conduct follow up...
Words: 527 - Pages: 3
...Enterprise Continuity Planning Integrated Principles of Disaster Recovery and Enterprise Continuity 19 Dec 2011 By Thomas A. Groshong Sr. Summary 1. DRP/ECP Roles 2. Resilience Layers 3. Resilience Layers Examples 4. Disaster Recovery Training 5. Outside Expertise 6. Awareness Campaign 7. Awareness Campaign Implementation 1.1 Disaster Recovery Plan / Enterprise Continuity Plan (DRP/ECP) Roles Maintaining DRP & ECP documents Personnel responsibilities Backup data scheduling Maintaining equipment status reports Security systems and emergency lighting Operational procedures Environmental controls (Cunningham et al., 2007) 2. Resilience Layers Six Resilience Layers 1. Strategy & Vision 2. Organization 3. Processes 4. Applications & Data 5. Technology 6. Facilities (Goble, G., Fields, H., & Cocchiara, R., 2002) 2.1 Strategy & Vision Business goals & objectives Resilience assessment Assess Risks Assess Vulnerabilities Strategic plan for success Baseline objectives (Goble et al., 2002; A comprehensive, 2007) 2.2 Organization Document roles Responsibilities Accountability Communications protocols Business links Skills critical to organization (Goble et al., 2002; A comprehensive, 2007) 2.3 Processes Process creation Process sustainment Process alternatives Contingency planning (Goble et al., 2002; A comprehensive, 2007) 2.4 Applications & Data Provide reliable data Align disparate data and applications Determine tolerance...
Words: 522 - Pages: 3
...and gives the opportunity to a business to be able to recoup from any number of disasters, whether it may be a natural disaster or a fault of equipment to include power loss. These plans can be fairly basic with a goal and summary of what is to happen in the event of a disaster, to intensely involved and well spelled out plans that break down the summary, personal, intent, goal, and a timeline of events to follow. While disasters are unforeseen events that a business may never see or have to implement their plan, it allows them to be setup for success if it were to happen and not be doomed for failure in hopes of it not being a possibility. For this report, contact was made with Richmond County in Augusta Georgia to their IT department to discuss their disaster recovery plan. Some organizations are well equipped and have staffed members that specialize and have sole intent on being the disaster recovery planner and implementer. Others may contract out to other businesses to provide support and guidance on the matter. In this case, Richmond County has looked to a company called intelliSystems to provide hands-on assistance in their disaster recovery plan. IntelliSystems is a local company to the area with a mission to help “many businesses rid themselves of technology worries so that they can concentrate on growing their businesses and realizing their goals” (intelliSystems, 2015). They do this by providing key areas of: Microsoft Small Business Specialist Certification, a proactive...
Words: 646 - Pages: 3
...1. Go online and conduct research on business continuity planning (BCP). 2. In 600 words, write an APAv6 formatted paper which discusses the following: ◦ What does this term mean? ◦ What practices or procedures does it include? ◦ Why should IT personnel be concerned with business continuity planning? Business Continuity Plan Before businesses were involved in contingency management, disaster recovery and contingency planning were predominantly IT driven responses to the increased attacks of Mother Nature and terrorist events in the late 80s and early 90s (Tangen & Austin, 2012). It became apparent to business owners the link between events and profit loss which led to the establishment of business led processes. These processes were developed and planned to address the types of threats that could occur and affect business operations. The discipline became known as business continuity management (BCM). Business continuity management is about identifying and understanding the risks to the everyday running of a business and planning how business will be maintained if an incident actually happens (Business Bolton, n.d.). When a business is disrupted, it suffers financially. A business continuity plan (BCP) is a collection of procedures and information which is developed, compiled and maintained in prep for use in the event of an emergency or disaster of any kind. Types of incidents identified addresses IT system crashes along with natural...
Words: 947 - Pages: 4
...answers the question "why do security enterprise problems exist?" This question of security leads to developing security policies that deal with people issues, and evaluates internal/external risks. Organizations are urging top executives to make information security a priority. Therefore, quality and trustworthiness of information are becoming key business issues (Ezingeard et al, 2005). To better accomplish information security in an organization, a management level infrastructure approach is needed. Just as information and data characteristics are different at the different levels of management, information security has different characteristics at the different levels of management. These levels of management are strategic, tactical, and operational. At the operations level, transaction data is produced and serves as input to create information. Maintaining and monitoring of integrity, confidentiality, and availability of the transaction data are primary objectives which are supported by organizational procedures and guidelines. At the tactical level, information is interpreted and utilized in decision making. Implementations of preventative, detective, and responsive controls are a primary objective which is supported by organizational standards. Further analysis/aggregation of the information creates knowledge to help make strategic level decisions. Information security policy provides a framework to ensure that systems are developed and operated in a secure manner. Such...
Words: 1173 - Pages: 5
...tes and Manuals Operational Risk Management and Business Continuity Planning for Modern State Treasuries Ian Storkey Fiscal Affairs Department INTERNATIONAL MONETARY FUND Prepared by Ian Storkey Authorized for distribution by Sanjeev Gupta November 2011 DISCLAIMER: This Technical Guidance Note should not be reported as representing the views of the IMF. The views expressed in this Note are those of the authors and do not necessarily represent those of the IMF or IMF policy. JEL Classification Numbers: H12, H60, H63, H83 Keywords: business continuity, disaster recovery, business continuity and disaster recovery plan, operational risk, operational risk management, treasury operations Author’s E-Mail Address: ian@storkeyandco.com TECHNICAL NOTES AND MANUALS This technical note and manual (TNM)1 addresses the following main issues: • What is operational risk management and how this should be applied to treasury operations. • What is business continuity and disaster recovery planning and why it is important for treasury operations. • How to develop and implement a business continuity and disaster recovery plan using a six practical-step process and...
Words: 10882 - Pages: 44
...Abstract Businesses, both large multinational and small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant...
Words: 5764 - Pages: 24