...restoration of business ops if significant disruptions occur BCP and DRP BIA stands for Business Impact Analysis MTD stands for Maximum Tolerable Downtime first step in building BC program Project initiation and management activities of project initiation and mgmt 1) obtain senior mgmt support 2) define a project scope, the objectives, to be achieved and planning assumptions 3) estimate the project resources needed (human and financial) 4) Define a timeline and major deliverables Senior leadership's two major goals 1) Grow the business 2) Protect the brand What are the risk to a corporation for not having BC/DRP? 1) Financial 2) Reputational 3) Regulatory Formula for calculating financial risk P * M = C P: Probability of harm M: Magnitude of harm C: Cost of prevention Prudent man rule exercise the same care in managing the company affairs as in managing one's own affairs 1. Which of the following is considered the most important component of the enterprisewide continuity planning program? c. Executive management support 2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security d. All of the above d. All of the above 3. The major objective of the business impact assessment process is to: a. Prioritize time-critical business processes b. Determine the most appropriate recovery time objective for business processes c...
Words: 2067 - Pages: 9
...Ford 10/26/2013 Business Continuity Implementation Planning A Business Continuity Plan is “a plan for how to handle outages to IT systems, applications and data access in order to maintain business operation. A Business Impact Analysis is a prerequisite analysis for a Business continuity plan that prioritizes mission critical systems, applications and data and the impact of an outage or downtime.” (Kim. 2012. Pg.478) Every organization faces risk. Sometimes risk is measurable and predictable, and other times it is not. For example, a lawn care company knows that it has a seasonal business. There is some unpredictability in the seasons in that you do not know for sure if it is going to be a “wet” spring or a “dry” spring, or a hot summer or a cooler summer and so on. However, at least in the Midwest, a lawn care company can pretty well determine that we will have winter, spring, summer and fall. Additionally, it is predictable that the grass will need mowing from about mid to late March all the way through November. So, there is a small risk that it may start a little later and/or end a little sooner, but on the average it is fairly predictable. Other organizations have much greater risk inherent in their organizations. For example, a small stock brokerage firm may lose its entire business if stocks take the type of tumble that they did in 1998. (I personally know of some small firms that did just that – many family firms that had been in business for over 60 years.) Just...
Words: 1104 - Pages: 5
...small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant security threats. Therefore, security is no longer...
Words: 5764 - Pages: 24
...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are: Governance-Define and align with executive priorities...
Words: 3492 - Pages: 14
...The Cost of Business Continuity Planning Versus the Potential of Risk Though the cost of mitigating risk can be high, the lack of proper business continuity planning and disaster recovery planning will leave a company at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for their operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses its Information Systems to generate revenue. If a company is affected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887). As history has shown, our world has and will continue to experience many destructive events such as floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three...
Words: 2924 - Pages: 12
...Audit of Business Continuity Planning (BCP) Final Audit Report Audit and Evaluation Branch June 2006 Tabled and approved by DAEC on January 9, 2007 Industry Canada (IC) TABLE OF CONTENTS: 1.0 EXECUTIVE SUMMARY; 1.1 INTRODUCTION; 1.2 OVERALL ASSESSMENT; 1.3 MAIN FINDINGS, CONCLUSIONS AND RECOMMENDATIONS; 1.3.1 Business Continuity Plan Governance (See Section 3.1 of the BCP Standard); 1.3.2 Business Impact Analysis (See Section 3.2 of the BCP Standard); 1.3.3 Business Continuity Action Plans and Arrangements (See Section 3.3); 1.3.4 BCP Program Readiness (See Section 3.4 of the BCP Standard); 1.3.5 BCP Training and Awareness (See Section 3.4 of the BCP Standard); 2.0 INTRODUCTION; 2.1 BACKGROUND; 2...
Words: 5659 - Pages: 23
...Business Continuity Plan Under Development (May 2006) California State University, Stanislaus CALIFORNIA STATE UNIVERSITY, STANISLAUS BUSINESS CONTINUITY PLAN May 2006 Table of Contents: INTRODUCTION; I. Incident Command System; II. Business Impact Analysis; III. Risk Assessment; IV. Business Plan for Localized Business Disruption; V. Business Plan for Pandemics; Appendix IV-A: Power Outage Business Continuity Plan; Appendix V-A: Pandemic Flu Business Continuity Plan. Final CP 5-30-06 INTRODUCTION A Business Continuity Plan (BCP) is developed by an institution to plan for and describe how it will respond to and recover from disruptions. These disruptions can be localized threats (e.g., earthquakes, fires, floods, bombs, etc.) or global threats (e.g., Flu Pandemic). As part of the overall Emergency Operations Plan, California State University, Stanislaus has developed, and continues to refine and enhance, a Business Continuity Plan (BCP) for the University. This plan is about maintaining, resuming, and recovering the University’s activities as an educational institution. It considers human factors along with operational issues. The BCP was developed by a team of the University’s senior administrators and department managers representing all University divisions: Business & Finance, Academic Affairs...
Words: 10523 - Pages: 43
...submit both parts as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. In recent years, organizations have witnessed the impact of having effective and non-effective business continuity plans and disaster recovery plans. In today’s environment, with significant potential natural disasters, terrorist threats, and other man-made threats, it is critical that organizations develop effective business continuity plans and disaster recovery plans. Select an organization that you are familiar with, such as where you currently or previously have worked, contact a local organization, or search on the Internet for the needed detail of an organization you are interested in. Prepare a disaster recovery plan policy for that organization. Part 1: Written Paper 1. Write a six to eight (6-8) page paper in which you: a. Provide an overview of the organization that will be delivered to senior management, defining the business goals and objectives and the size, layout, and structure of the organization. b. Include a diagram of the organization’s network architecture and the proposed network architecture of an alternate computing facility in the event of a disaster (or the actual network architecture of the alternate computing facility if one already exists) through...
Words: 1069 - Pages: 5
...Discussion: Business continuity plan Discussion: Business continuity plan A business continuity plan (BCP) is a practice adopted by the university to ensure continuity in their services and business unit processes in cases of disruptions preventing normal procedures from taking place (Latha, 2003). These disruptions may be in the form of threats such as earthquakes, fires or pandemics like the Ebola crisis. The main objectives of the BCP are to maintain, resume and recover all of the activities of the university as a whole unit implementing both the human operational factors (Ken, 2000). All the university departments are involved in the development of the BCP and as a team conduct a risk assessment and business continuity plan (Latha, 2003). In case the university cannot handle an emergency situation using routine measures, the president implements an emergency plan. The university’s incident command section comprises of the safety officer and emergency operations executive who oversee the emergency operations. The planning section coordinates responsibilities of planning and intelligence while the finance section keeps a record of all purchases and report making. The university business impact analysis (BIA) analyzes the critical functions that affect the health and safety of university staff and students. It also analyzes the critical functions that influence the continuity of the university. The functions of the BIA are prioritized and respective downtime estimated...
Words: 483 - Pages: 2
...need for business continuity plans and disaster recovery plans has become a high priority for organizations of all sizes. Examine the importance of business continuity and disaster recovery plans, citing examples of each used in practice. Four responses to negative risk that an organization may pursue: Avoid - Eliminating any possibility of risk through hazard prevention, or the discontinuation of activities determined to entail any level of risk. Avoid example - Testing software, hardware and or applications before users are able to obtain it would eliminate bugs, security breaches and capability issues. Transfer - Placing the risk onto a third party. Transfer example - Placing the liability of a company, such as their employees, onto an insurance company would minimize potential risk. Mitigate - Reduces the impact of a threat. Mitigate example - Securing an entrance of a company with code or badge scanning will reduce the probability of threat entering into the company's environment. Accept - Is the process of actively deciding that you will accept the consequences (impact) of a risk if it occurs. Accept example - If a computer fails or crashes, having another there to replace it or a technician there to fix it. The importance of business continuity and disaster recovery plans. Business continuity and disaster recovery plans are extremely crucial to any environment that has IT systems. One of the major concerns in any business is the loss...
Words: 345 - Pages: 2
...LAB 6 What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. Business continuity planning "identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity”. In addition to some disagreement among business continuity professionals regarding the BIA and risk assessment definitions and outcomes, disagreement also exists regarding the order of execution: whether it is best to perform the risk assessment before, during, or after the BIA. While many professionals argue that it is best to perform the risk assessment before the BIA to establish the risk landscape in which the organization operates, Evaluation argues the opposite. What is the difference between a Disaster Recovery Plan and a Business Continuity plan? A disaster recovery plan is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster. Business continuity planning "identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention...
Words: 1291 - Pages: 6
...PROJECT PORTFOLIO Project Portfolio Project Portfolio ExxonMobil is one of the largest publicly traded petroleum and petrochemical enterprises in the world. It started out as a regional marketer of Kerosene. They have three familiar brand names which are: Exxon, Esso and Mobil. The first oil well was built in 1859 (exxonmobil.com). ExxonMobil uses different types of technology every day like surveillance, network computers, communication devices, etc. Being a big corporation like this requires an IT Department. We’ve learned these past eight weeks about the use of technology tools, Porter’s Five Forces Model, Agent based technologies, business planning, and technology in present and future. Throughout this paper I will relate the information that I have learned and talk about how these areas can help it remain a competitive business. People, Information and Information Technology play an important role when it comes to helping the company remain competitive in the industry. ExxonMobil tries to teach their employees to have the best technical and leadership capabilities. They provide their employees with formal training and a broad range of global experiences to prepare them to be the next generation of ExxonMobil leaders. Not only do they want to hire exceptional employees at the corporate headquarters, but also at all their branch locations as well. The employees throughout the organization set goals, carry out tasks, make decisions, and serve customers. Information regarding...
Words: 2101 - Pages: 9
...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles: Crisis Management Team; Administrative Support Team; Damage Assessment Team; Recovery Coordination Team; Corporate Communications Team; Human Resources Support Team; Site Restoration Team; Transportation Support Team; System Restoration Team; Voice Recovery Team and End-User Tech Support Team. The Crisis Management Team should be a cohort of upper level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analyzation of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...
Words: 2423 - Pages: 10
...market’s thirst for her product(s). Although this small business expansion has increased the customer base and or revenue pursued by its owner, the induction of additional services provided has also slightly altered the projected operations plan and or business plan. Kudler Fine Food’s mission states that it will “provide its customers with the finest selected foodstuffs, wines, and related needs in an unparalleled consumer environment“(Apollo Group, 2008). In order for Kudler to meet the needs of the consumer at all times, administration has proposed a review of the company's operations and or communication plan(s) be reviewed for contingency of any unforeseen threats to daily operations. Scope To assist the company in their daily functions, Kudler Fine Foods stores information used to determine market conditions, customer demographics, individual store sales, employee demographics, payroll, administrative functions, and other human resource related information. A post review of Kudler’s fixed operations reveals the company is currently unprepared for any and all potential threats that may halt daily operations for an over-extended period. Potential threats that Kudler may face are: breach and or loss of client and or employee information, natural disasters, on-site disruptions (such as fire hazards and flooding), external threats (city power outages), damage to produce (USFDA warnings). The list of potential threats Kudler faces doesn’t stop here, and the differentiation among...
Words: 5884 - Pages: 24
...a risk analysis (RA) and a business impact analysis (BIA)? a. Risk assessment (RA) is a structured discipline that must discover the threats, vulnerabilities, and values of an organization’s assets. A key factor in risk assessment is the determination of the likelihood of an adverse event affecting an Organization, process, or system. Risk assessment is a valuable tool to help the organization recognize its threat environment and ensure that the steps are undertaken to minimize the resulting risks to an acceptable level. b. Business Impact Analysis (BIA) is the key to a successful BCP implementation. Understanding and standardizing Enterprise business process names is critical to the success of the BIA. The intent of the BIA process is to help the organization’s management appreciate the magnitude of the operational and financial impacts associated with a disaster or serious disruption. When they understand, management can use this knowledge to calculate the recovery time objective (RTO) for time-critical support services and resources. For most Organizations, these support resources include: Facilities - IT infrastructure (including voice and data communications networks) - Hardware and software - Vital records Data - Business partners The connection is made when each of the time-critical business processes is mapped to the above supporting resources. 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? a. Disaster Recovery...
Words: 966 - Pages: 4