...more and more threats each and every day, a business needs to have a business continuity and disaster recovery plan activated and ready to be implemented in case of disaster or emergencies. These plans are related practices that establish a platform for an organizations preparation for any possible unforeseen risks to contained operations. The plans are organized to help the organization recover if any disaster occurs. The plans outline of each action a business or particular employees to help restore any of the company’s critical operations that have been interrupted during or after a disaster or occurrence. The objective for a successful disaster recovery is to have a business continuity and disaster recovery...
Words: 1172 - Pages: 5
...The Cost of Business Continuity Planning Versus the Potential of Risk Though the cost of mitigating risk can be high, the lack of proper business continuity planning and disaster recovery planning will leave a company is at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for their operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses it Information Systems to generate revenue. If a company is effected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887). As history has shown, our world has and will continue to experience many destructive events such as, floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three...
Words: 2924 - Pages: 12
...In a business continuity plan (BCP), people knowing what needs to be done and who will do it, is BCP 101. Have you ever heard of only one person responsible for all BCP operations? The BCP is a team effort, remember BCP is not only about IT equipment. Looking at BCP, does all emergencies occur during the beginning of the shift? When is a flood going to happen, only at 8 a.m. in the morning? BCP main function is to notify people that need to restore operations. One of the articles I found was The Role of Communications Planning in Business Continuity. They outlined four critical parts that communications have in the BCP, notification, verifications, stabilization, and recovery. If the people do not know the plan, in a real situation, business...
Words: 561 - Pages: 3
...Business Continuity Plan Under Development (May 2006) California State University, Stanislaus CALIFORNIA STATE UNIVERSITY, STANISLAUS BUSINESS CONTINUITY PLAN May 2006 Table of Contents INTRODUCTION I. II. III. IV. V. Incident Command System Business Impact Analysis Risk Assessment Business Plan for Localized Business Disruption Business Plan for Pandemics Page 3 Pages 4-7 Pages 8-11 Pages 12-13 Pages 14-15 Pages 16-17 Pages 18-19 Pages 20-36 Appendix IV-A: Power Outage Business Continuity Plan Appendix V-A: Pandemic Flu Business Continuity Plan 2 Final CP 5-30-06 CALIFORNIA STATE UNIVERSITY, STANISLAUS BUSINESS CONTINUITY PLAN May 2006 INTRODUCTION A Business Continuity Plan (BCP) is developed by an institution to plan for and describe how it will respond to and recover from disruptions. These disruptions can be localized threats (e.g., earthquakes, fires, floods, bombs, etc.) or global threats (e.g., Flu Pandemic). As part of the overall Emergency Operations Plan, California State University, Stanislaus has developed, and continues to refine and enhance, a Business Continuity Plan (BCP) for the University. This plan is about maintaining, resuming, and recovering the University’s activities as an educational institution. It considers human factors along with operational issues. The BCP was developed by a team of the University’s senior administrators and department managers representing all University divisions: Business & Finance, Academic Affairs...
Words: 10523 - Pages: 43
...Purpose Business Continuity / Disaster Recovery program is implemented to ensure that ITT-Tech capability to respond to and reduce the effect(s) of incidents that may impact the ability of one or more of the of it’s locations ability to carry out normal activities. Business Continuity and Disaster Recovery Plans shall identify and address critical events that have the potential to cause materially adverse consequences. Scope The school Information Services Business Continuity / Disaster Recovery program is applicable to each it’s functional organization. This document along with other documents, will provide guidance for all departments to; • determine their exposures to loss of business activities by conducting Business Impact Analysis and Risk Assessment(s), • to develop Business Continuity and Disaster Recovery plans • to maintain those plans using provided or similar documents meeting the intent of the Business Continuity Program. Objective Objective of the Business Continuity program is to ensure that each functional unit has evaluated business conditions and developed plans which will enable it to survive business-interruption events and continue operations at an acceptable level until normal operations can be restored. Responsibility Designated leaders are responsible for implementing, developing and maintaining the Business Continuity program for their operational area. Systems and Operations continuity for each designated...
Words: 263 - Pages: 2
...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles ● ● ● ● ● ● ● ● ● ● Crisis Management Team Administrative Support Team Damage Assessment Team Recovery Coordination Team Corporate Communications Team Human Resources Support Team Site Restoration Team Transportation Support Team System Restoration Team Voice Recovery Team and End-User Tech Support Team The Crisis Management Team should be a cohort of upper level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analyzation of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...
Words: 2423 - Pages: 10
...Continuity planning, defined by the Department of Homeland Security (DHS) (2012), is the effort of organizations, primarily based in the public sector, to continue essential functions and operations before, during, and after disasters (DHS 2012). These disasters could be natural, man-made, or technological and could last a short or long period of time. The public sector manifest the continuity of operations standard based in the Homeland Security Presidential Directive 20, which directs the federal executive branch and its agencies to establish and maintain the most important functions, or mission essential functions (MEFs), within a 12-hour standard after the activation of the COOP or continuity of operations plan (DHS 2012). The plan is...
Words: 448 - Pages: 2
...Abstract This paper will include creation of a business continuity plan for Red Circle that addresses any pre-incident changes the company can do to minimize and mitigate risk. The companies’ use and protection of sensitive data will be analyzed. The companies’ use and protection of member information will be analyzed. Discussion of the communication plan to be used during and following the disruption will be explained. Lastly steps on how the companies operations will be restored after the disruption will be discussed. Business Continuity Plan Red Circle is a non-for-profit health insurance company located in Minnesota. Red Circle serves members in commercial and government lines of business. The company has three office campuses located in Eagan, Minnesota. These locations are within 1 mile of each other. The company also has a location about 4 hours north of these locations, which houses customer service operations and claims processing employees. Pre-incident changes A well thought out and planned business continuity plan is a necessity to keep a business operational if a disaster should strike the company. Red Circle can be prepared for any disaster by having a business continuity plan in place with trained staff on how to implement the plan, if disaster or disruption occurs. Annually the business continuity plan should be reviewed for accuracy and updates. Since Red Circle is located in the Midwest region, which is prone to tornadoes, the company...
Words: 3224 - Pages: 13
...Abstract Businesses, both large multinational and small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant...
Words: 5764 - Pages: 24
...CONTINGENCY PLAN Control: The organization: a. Develops a contingency plan for the information system that: - Identifies essential missions and business functions and associated contingency requirements; - Provides recovery objectives, restoration priorities, and metrics; - Addresses contingency roles, responsibilities, assigned individuals with contact information; - Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; - Addresses eventual, full information system restoration without deterioration of the security measures originally planned and implemented; and - Is reviewed and approved by designated officials within the organization; b. Distributes copies of the contingency plan to [Assignment: organization-defined list of key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinates contingency planning activities with incident handling activities; d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency]; APPENDIX F-CP PAGE F-47 ________________________________________________________________________________________________ cial Publication 800-53 Recommended Security Controls for Federal Information Systems and Organizations e. Revises the contingency plan to address changes to the organization, information system, or environment of operation and...
Words: 914 - Pages: 4
...JIT2 Task 1 Part B ManIT, LLC Business Continuity Plan The information below is a Business Continuity Plan for ManIT, LLC to follow in the possible aftermath of a disaster causing major disruptions to the business. Preparation, response, and recovery from a disaster affecting the operations of ManIT, LLC, requires the full efforts of multiple personnel in many different departments. If such of an event does happen, this plan could be followed and monitored by the Continuity Management Team within ManIT, LLC. The Business Continuity Plan gives the responsibilities of the Continuity Management Team, where their goal is to make procedures that will help with the ManIT, LLC business functions. If such an event or disaster that does affect any functional area of the business, the Continuity Management Team would be there to facilitate all of the areas affected by the event or disaster and personnel involved. This team should include other smaller groups that would entail operations and communication, and damage assessment with each role of the groups to be defined whenever a major business disruption occurs. The leader of the Continuity Management Team will be a Coordinator and would be the central point of contact for all execution of plans. B1. Strategic Changes There are many changes that ManIT, LLC should implement to ensure that operations should continue should a disruption occur. In recent year, the Department of Homeland Security recommended...
Words: 2086 - Pages: 9
...Company Virtual Solutions Inc. Foundations of Business Continuity Management Table of Contents Executive Summary 3 Introduction 5 About Company Virtual Solutions 6 The Current Status of Business Continuity Planning 6 Historical Context 6 The New Plan 8 Using Recovery Planner 8 Configuration for TPT 9 Presentation 9 Compliance 10 Comprehensive Planning 10 Leadership Approval 12 The Plan Strategy 12 Team Structure 12 Figure 1: The Business Continuity Plan Team Organizational Chart 13 Emergency Management Team 13 Business Continuity Team 14 Business Unit Teams 15 Fly Out Teams 16 Fire Teams 16 The Four Phases of the Plan 16 Figure 2: The four phases of the Plan 16 Phase I - Appraisal 17 Phase II – Recovery Coordination 18 Phase III - Production 18 Phase IV – Site Restoration 19 Business Unit Plan Structure 20 Alternative Sites 21 Planning Refinement Recommendations 22 Risk Assessment 22 Business Impact Analysis 22 Emergency Response 23 Disaster Recovery 23 Testing and Restoration 24 Future State 25 Comprehensive Business Planning 25 ACP Workflow Planning 26 Awareness and Training 27 Maintaining Support 27 Projected Timeline 28 Figure 3: Projected Timeline 29 Tasks 29 Conclusion 30 Sources 31 Appendix...
Words: 6761 - Pages: 28
...or serious disruption. When they understand, management can use this knowledge to calculate the recovery time objective (RTO) for time-critical support services and resources. For most Organizations, these support resources include: Facilities - IT infrastructure (including voice and data communications networks) - Hardware and software - Vital records Data - Business partners The connection is made when each of the time-critical business processes is mapped to the above supporting resources. 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? a. Disaster Recovery Plan (DRP) is plan for the intervention taken by an organization to minimize further losses brought on by a disaster and to begin the process of recovery, including activities and programs designed to restore critical business functions and return the organization to an acceptable condition. b. Business Continuity Plan (BCP) is an ongoing process...
Words: 966 - Pages: 4
...Business Continuity Plan Template Version 1.0 August 2014 Table of Contents DOCUMENT CHANGE CONTROL 6 Section I: Introduction 7 A. How to Use This Plan 7 B. Objectives 7 C. Scope 8 D. Assumptions 8 E. Changes to the Plan/Maintenance Responsibilities 9 F. Plan Testing Procedures and Responsibilities 10 G. Plan Training Procedures and Responsibilities 10 H. Plan Distribution List 11 Section II: Business Continuity Strategy 12 A. Introduction 12 B. Business Function Recovery Priorities 12 C. Relocation Strategy and Alternate Business Site 12 D. Recovery Plan Phases 13 1. Disaster Occurrence 13 2. Plan Activation 13 3. Alternate Site Operations 13 4. Transition to Primary Site 13 E. Vital Records Backup 13 F. Restoration of Hardcopy Files, Forms, and Supplies 14 G. On-line Access to <ORGANIZATION NAME> Computer Systems 14 H. Mail and Report Distribution 15 Section III: Recovery Teams 16 A. Purpose and Objective 16 B. Recovery Team Descriptions 16 C. Recovery Team Assignments 16 D. Personnel Notification 17 E. Team Contacts 17 F. Team Responsibilities 17 Business Continuity Coordinator – <Insert Name> 19 EOC Communications Team – 19 EOC Human Resources Team – 20 EOC Administration Team – 20 Emergency Response Team – 21 Information Technology Recovery Team (See also Disaster Recovery Plan) – 21 Section IV: Recovery Procedures 23 A. Purpose and Objective 23 B. Recovery Activities and Tasks 24 PHASE I: Disaster Occurrence...
Words: 8008 - Pages: 33
...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University 1 RUNNING HEAD: BUSINESS CONTINUITY PLAN 2 Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are: Governance-Define and align with executive priorities...
Words: 3492 - Pages: 14