
1 Business Continuity https://store.theartofservice.com/the-business-continuity-toolkit.html

2 Information security - Business continuity: Business continuity is the mechanism by which an organization continues to operate its critical business units during planned or unplanned disruptions that affect normal business operations, by invoking planned and managed procedures.

3 Information security - Business continuity: Business continuity is not simply about the business; it is also an IT system and process. Today, disasters and disruptions to business are a reality. Whether the disaster is natural or man-made, it affects normal life and therefore business. Planning is therefore important.

4 Information security - Business continuity: Planning is merely getting better prepared to face a disaster, knowing full well that the best plans may fail. Planning helps to reduce the cost of recovery and operational overheads and, most importantly, to sail through some smaller disruptions effortlessly.

5 Information security - Business continuity: To create effective plans, businesses need to focus on the following key questions. Most of these are common knowledge, and anyone can do a BCP.

6 Information security - Business continuity: Should a disaster strike, what are the first few things that I should do? Should I call people to find out if they are OK, or call the bank to find out whether my money is safe? This is Emergency Response. Emergency Response services help take the first hit when the disaster strikes, and if the disaster is serious enough, the Emergency Response teams need to quickly get a Crisis Management team in place.

7 Information security - Business continuity: What parts of my business should I recover first? The one that brings me the most money, the one where I spend the most, or the one that will ensure I am able to sustain future growth? The identified sections are the critical business units. There is no magic bullet here; no one answer satisfies all. Businesses need to find answers that meet business requirements.

8 Information security - Business continuity: How soon should I aim to recover my critical business units? In BCP technical jargon, this is called the Recovery Time Objective, or RTO. This objective determines how much the business will need to spend to recover from a disruption. For example, it is cheaper to recover a business in 1 day than in 1 hour.

9 Information security - Business continuity: What do I need to recover the business? IT, machinery, records... food, water, people... So many aspects to dwell upon. The cost factor becomes clearer now... Business leaders need to drive business continuity. Hold on. My IT manager spent $ last month and created a DRP (Disaster Recovery Plan); whatever happened to that? A DRP is about continuing an IT system, and is one of the sections of a comprehensive Business Continuity Plan. Look below for more on this.

10 Information security - Business continuity: And where do I recover my business from? Will the business center give me space to work, or will it be flooded by many people queuing up for the same reasons that I am?

11 Information security - Business continuity: But once I do recover from the disaster and work at reduced production capacity because my main operational sites are unavailable, how long can this go on? How long can I do without my original sites, systems, people? This defines the amount of business resilience a business may have.

12 Information security - Business continuity: Now that I know how to recover my business, how do I make sure my plan works? Most BCP pundits would recommend testing the plan at least once a year, reviewing it for adequacy, and rewriting or updating the plans either annually or when businesses change.

13 Cloud computing security - Business continuity and data recovery: Cloud providers have business continuity and data recovery plans in place to ensure that service can be maintained in case of a disaster or an emergency and that any data loss will be recovered. These plans are shared with and reviewed by their customers.

14 Risk management - Risk management and business continuity: Risk management is simply a practice of systematically selecting cost-effective approaches for minimising the effect of threat realization to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks.

15 Risk management - Risk management and business continuity: Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to deal with the consequences of realised residual risks.

16 Business continuity planning

17 Business continuity planning: A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime.

18 Business continuity planning: Any event that could impact operations is included, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). As such, risk management must be incorporated as part of BCP.

19 Business continuity planning: In 2007, the BSI published BS "Specification for Business Continuity Management", which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).

20 Business continuity planning: BS :2007 business continuity management is the British Standard for business continuity management across all organizations.

21 Business continuity planning: This document was superseded in November 2012 by the British standard BS ISO22301:2012. (British Standards Institution, 2012)

22 Business continuity planning: In 2004, following crises in the preceding years, the UK government passed the Civil Contingencies Act 2004 (The Act). This provides the legislation for civil protection in the UK.

23 Business continuity planning: The Act was separated into two distinct parts. Part 1 focuses on local arrangements for civil protection, establishing a statutory framework of roles and responsibilities for local responders. Part 2 focuses on emergency powers, establishing a modern framework for the use of special legislative measures that might be necessary to deal with the effects of the most serious emergencies.

24 Business continuity planning: The Act tells responders and planners that businesses need to have continuity planning measures in place in order to survive and continue to thrive whilst working towards keeping the incident as minimal as possible. (Cabinet Office, 2004)

25 Business continuity planning - Business impact analysis (BIA): A business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions/activities. Critical functions are those whose disruption is regarded as unacceptable. Perceptions of acceptability are affected by the cost of recovery solutions. A function may also be considered critical if dictated by law. For each critical (in scope) function, two values are then assigned:

26 Business continuity planning - Business impact analysis (BIA): Recovery Time Objective (RTO) – the acceptable amount of time to restore the function

27 Business continuity planning - Business impact analysis (BIA): The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded. The Recovery Time Objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.

28 Business continuity planning - Business impact analysis (BIA): Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:

29 Business continuity planning - Business impact analysis (BIA): The business requirements for recovery of the critical function, and/or

30 Business continuity planning - Business impact analysis (BIA): The technical requirements for recovery of the critical function

31 Business continuity planning - Threat and risk analysis (TRA): After defining recovery requirements, each potential threat may require unique recovery steps. Common threats include:

32 Business continuity planning - Threat and risk analysis (TRA): The impact of an epidemic can be regarded as purely human, and may be alleviated with technical and business solutions. However, if people behind these plans are affected by the disease, then the process can stumble.

33 Business continuity planning - Threat and risk analysis (TRA): During the 2002–2003 SARS outbreak, some organizations grouped staff into separate teams, and rotated the teams between primary and secondary work sites, with a rotation frequency equal to the incubation period of the disease. The organizations also banned face-to-face intergroup contact during business and non-business hours. The split increased resiliency against the threat of quarantine measures if one person in a team was exposed to the disease.

34 Business continuity planning - Impact scenarios: After defining threats, impact scenarios form the basis of the business recovery plan. In general, planning for the most wide-reaching impact is preferable. A typical impact scenario such as "building loss" encompasses most critical business functions. A BCP may document scenarios for each building. More localized impact scenarios – for example loss of a specific floor in a building – may also be documented.

35 Business continuity planning - Recovery requirement: After the analysis phase, business and technical recovery requirements precede the solutions phase. Asset inventories allow for quick identification of deployable resources. For an office-based, IT-intensive business, the plan requirements may cover desks, human resources, applications, data, manual workarounds, computers and peripherals.

36 Business continuity planning - Recovery requirement: Other business environments, such as production, distribution, warehousing etc. will need to cover these elements, but likely have additional issues.

37 Business continuity planning - Solution design: The solution design phase identifies the most cost-effective disaster recovery solution that meets two main requirements from the impact analysis stage. For IT purposes, this is commonly expressed as the minimum application and data requirements and the time in which the minimum application and application data must be available.

38 Business continuity planning - Solution design: Outside the IT domain, preservation of hard copy information, such as contracts, skilled staff or restoration of embedded technology in a process plant must be considered. This phase overlaps with disaster recovery planning methodology. The solution phase determines:

39 Business continuity planning - Solution design: telecommunication architecture between primary and secondary work sites

40 Business continuity planning - Solution design: applications and data required at the secondary work site, and

41 Business continuity planning - Solution design: physical data requirements at the secondary work site.

42 Business continuity planning - Implementation: The implementation phase involves policy changes, material acquisitions, staffing and testing.

43 Business continuity planning - Testing and organizational acceptance: The purpose of testing is to achieve organizational acceptance that the solution satisfies the recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws or solution implementation errors. Testing may include:

44 Business continuity planning - Testing and organizational acceptance: Crisis command team call-out testing

45 Business continuity planning - Testing and organizational acceptance: At minimum, testing is conducted on a biannual schedule.

46 Business continuity planning - Testing and organizational acceptance: The 2008 book Exercising for Excellence, published by The British Standards Institution, identified three types of exercises that can be employed when testing business continuity plans.

47 Business continuity planning - Tabletop exercises: Tabletop exercises typically involve a small number of people and concentrate on a specific aspect of a BCP. They can easily accommodate complete teams from a specific area of a business.

48 Business continuity planning - Tabletop exercises: Another form involves a single representative from each of several teams. Typically, participants work through a simple scenario and then discuss specific aspects of the plan. For example, a fire is discovered out of working hours.

49 Business continuity planning - Tabletop exercises: The exercise consumes only a few hours and is often split into two or three sessions, each concentrating on a different theme.

50 Business continuity planning - Medium exercises: A medium exercise is conducted within a "Virtual World" and brings together several departments, teams or disciplines.

51 Business continuity planning - Medium exercises: A medium exercise typically lasts a few hours, though it can extend over several days. It typically involves a "Scenario Cell" that adds pre-scripted "surprises" throughout the exercise.

52 Business continuity planning - Complex exercises: A complex exercise aims to have as few boundaries as possible. It incorporates all the aspects of a medium exercise. The exercise remains within a virtual world, but maximum realism is essential. This might include no-notice activation, actual evacuation and actual invocation of a disaster recovery site.

53 Business continuity planning - Complex exercises: While start and stop times are pre-agreed, the actual duration might be unknown if events are allowed to run their course.

54 Business continuity planning - Maintenance: In a biannual or annual maintenance cycle, maintenance of a BCP manual is broken down into three periodic activities.

55 Business continuity planning - Maintenance: Confirmation of information in the manual, roll out to staff for awareness and specific training for critical individuals.

56 Business continuity planning - Maintenance: Testing and verification of technical solutions established for recovery operations.

57 Business continuity planning - Maintenance: Testing and verification of organization recovery procedures.

58 Business continuity planning - Maintenance: Issues found during the testing phase often must be reintroduced to the analysis phase.

59 Business continuity planning - Information/targets: The BCP manual must evolve with the organization. Activating the call tree verifies the notification plan's efficiency as well as contact data accuracy. Types of changes that should be identified and updated in the manual include:

60 Business continuity planning - Information/targets: Organization structure changes

61 Business continuity planning - Information/targets: Communication and transportation infrastructure such as roads and bridges

62 Business continuity planning - Technical: Specialized technical resources must be maintained. Checks include:

63 Business continuity planning - Technical: Application security and service patch distribution

64 Business continuity planning - Testing and verification of recovery procedures: As work processes change, previous recovery procedures may no longer be suitable. Checks include:

65 Business continuity planning - Testing and verification of recovery procedures: Are all work processes for critical functions documented?

66 Business continuity planning - Testing and verification of recovery procedures: Have the systems used for critical functions changed?

67 Business continuity planning - Testing and verification of recovery procedures: Are the documented work checklists meaningful and accurate?

68 Business continuity planning - Testing and verification of recovery procedures: Do the documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective?

69 Business continuity planning - Notes: Elliot, D.; Swartz, E.; Herbane, B. (1999) Just waiting for the next big bang: business continuity planning in the UK finance sector. Journal of Applied Management Studies, Vol. 8, No, pp. 43–60. Here: p. 48.

70 Business continuity planning - Notes: Intrieri, Charles (10 September 2013). "Business Continuity Planning". Flevy. Retrieved 29 September

71 Business continuity planning - Notes: British Standards Institution (2006). Business continuity management - Part 1: Code of practice: London

72 Business continuity planning - Notes: British Standards Institution (2012). Societal security – Business continuity management Systems – Requirements: London

73 Business continuity planning - Notes: Cabinet Office. (2004). Overview of the Act. In: Civil Contingencies Secretariat Civil Contingencies Act 2004: a short. London: Civil Contingencies Secretariat

74 Business continuity planning - Bibliography: Business Continuity Planning, FEMA, Retrieved: June 16, 2012

75 Business continuity planning - Bibliography: Continuity of Operations Planning (no date). U.S. Department of Homeland Security. Retrieved July 26,

76 Business continuity planning - Bibliography: Purpose of Standard Checklist Criteria For Business Recovery (no date). Federal Emergency Management Agency. Retrieved July 26,

77 Business continuity planning - Bibliography: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs — PDF (2010). National Fire Protection Association.

78 Business continuity planning - Bibliography: United States General Accounting Office Y2k BCP Guide (August 1998). United States Government Accountability Office.

79 Business continuity planning - International Organization for Standardization: ISO/IEC 27001:2005 (formerly BS :2002) Information Security Management System

80 Business continuity planning - International Organization for Standardization: ISO/IEC 27002:2005 (renumbered ISO17999:2005) Information Security Management – Code of Practice

81 Business continuity planning - International Organization for Standardization: ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity

82 Business continuity planning - International Organization for Standardization: ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management

83 Business continuity planning - International Organization for Standardization: ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services

84 Business continuity planning - International Organization for Standardization: ISO 22301:2012 Societal security - Business continuity management systems - Requirements

85 Business continuity planning - International Organization for Standardization: ISO 22313:2012 Societal security - Business continuity management systems - Guidance

86 Business continuity planning - British Standards Institution: BS :2006 Business Continuity Management Part 1: Code of practice

87 Business continuity planning - Others: "A Guide to Business Continuity Planning" by James C. Barnes

88 Business continuity planning - Others: "Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer

89 Business continuity planning - Others: "Business Continuity Plan Design, 8 Steps for Getting Started Designing a Plan" by Richard Kepenach

90 Business continuity planning - Others: "Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell

91 Business continuity planning - Others: Harney, J. (2004). Business continuity and disaster recovery: Back up or shut down.

92 Business continuity planning - Others: Dimattia, S. (November 15, 2001). Planning for Continuity. Library Journal, 32–34.

93 Business continuity planning - Others: Exercising for Excellence (Delivering successful business continuity management exercises) by Crisis Solutions

94 Business continuity 1 If there is no Business Continuity plan implemented and the organization in question is facing a rather severe threat or disruption -that may lead to bankruptcy, the implementation and outcome, if not too late, may strengthen the organization's survival and its continuity of business activities (Gittleman, 2013). https://store.theartofservice.com/the-business-continuity-toolkit.html

95 Business continuity 1 It is also sometimes confused with Work Area Recovery (due to loss of the physical building which the business is conducted within); which is but a part of business continuity. https://store.theartofservice.com/the-business-continuity-toolkit.html

96 Business continuity 1 The term Business Continuity describes a mentality or methodology of conducting day-to-day business, whereas business continuity planning is an activity of determining what that methodology should be. The business continuity plan may be thought of as the incarnation of a methodology that is followed by everyone in an organization on a daily basis to ensure normal operations. https://store.theartofservice.com/the-business-continuity-toolkit.html

97 Business continuity - Standards 1 This section provides references to a number of worldwide BC/BCM standards (content pulled from SDO’s website): https://store.theartofservice.com/the-business-continuity-toolkit.html

98 Business continuity - Standards 1 ISO - On 15 May 2012, ISO published the International Standard ISO 22301:2012, "Societal security -- Business continuity management systems --- Requirements". A second International Standard ISO 22313, "Societal security -- Business continuity management systems – Guidance", is in the Draft International Standard (DIS) phase and is expected to be published in late 2012 or early https://store.theartofservice.com/the-business-continuity-toolkit.html

99 Business continuity - Standards 1 In 2011, ISO published the International Standard ISO/IEC 27031:2011, Information security - Security techniques — Guidelines for information and communication technology [ICT] readiness for business continuity." This provides guidance for organization's implementing the ICT component of business continuity management. It also provides guidance in support of the business continuity elements of the information security standards, ISO/IEC and ISO/IEC https://store.theartofservice.com/the-business-continuity-toolkit.html

100 Business continuity - Standards 1 The second, “BS :2007 Specification for Business Continuity Management”, specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS), describing only requirements that can be objectively and independently audited https://store.theartofservice.com/the-business-continuity-toolkit.html

101 Business continuity - Standards 1 North America – Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs. https://store.theartofservice.com/the-business-continuity-toolkit.html

102 Business continuity - Standards 1 North America - ASIS/BSI BCM.01:2010 published Dec 2010 https://store.theartofservice.com/the-business-continuity-toolkit.html

103 Business continuity - Standards 1 ANSI/ASIS SPC Organizational Resilience: The ANSI/ASIS SPC Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use American National Standard is under consideration for inclusion in the DHS PS-Prep, a voluntary program designed to enhance national resilience in an all hazards environment by improving private sector preparedness. https://store.theartofservice.com/the-business-continuity-toolkit.html

104 Business continuity - Standards 1 Australia – Published by Standards Australia HB : A practitioners guide to business continuity management HB : Executive guide to business continuity management In 2010, Standards Australia introduced their Standard AS/NZS 5050 that connects far more closely with traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS covering risk management. https://store.theartofservice.com/the-business-continuity-toolkit.html

105 Business continuity - Program 1 Ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. See also business impact analysis.

106 Business continuity - Policies 1 Policies are those things mandated by the management of an organization that will always be performed according to a preset design plan, and that support all business functions within an organization.

107 Business continuity - BC/BCM plan 1 The components of the business continuity methodology required for manifestation into a documented plan include:

108 Business continuity - BC/BCM plan 1 Set of documents, instructions, and procedures which enable a business to respond to accidents, disasters, emergencies, and/or threats without any stoppage or hindrance in its key operations. Also called business resumption plan, disaster recovery plan, or recovery plan.

109 Business continuity - BC/BCM planning 1 Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm's key operations in the event of an accident, disaster, emergency, and/or threat. It involves (1) risk mitigation planning (reducing the possibility of the occurrence of adverse events), and (2) business recovery planning (ensuring continued operation in the aftermath of a disaster).

110 Business continuity - Guidelines 1 Guidelines are those things which are recommended to be performed according to a preset design plan. However, depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementation.

111 Business continuity - Procedures 1 British Standard and other standards identified above provide a specification for implementing a business continuity management system within an organization.

112 Business continuity - Business impact analysis (BIA) 1 The entire concept of business continuity is based on the identification of all business functions within an organization, and then assigning a level of importance to each business function. A business impact analysis is the primary tool for gathering this information and assigning criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity.

113 Business continuity - Business impact analysis (BIA) 1 The BIA can be used to identify the extent and timescale of the impact on different levels of an organization. For instance, it can examine the effect of disruption on operational, functional and strategic activities of an organization. The BIA can determine the effect of disruption not only on current activities but also on major business changes, such as introducing new products or services.

114 Business continuity - Business impact analysis (BIA) 1 Most standards require that a business impact analysis should be reviewed at defined intervals appropriate for each organization and whenever any of the following occur:

115 Business continuity - Business impact analysis (BIA) 1 Significant changes in the internal business process, location or technology

116 Business continuity - Business impact analysis (BIA) 1 Significant changes in the external business environment – such as market or regulatory change

117 Business continuity - Security management 1 In today's global business environment, security must be the top priority in managing Information Technology. For most organizations, security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. Failure to pass security audits can have financial and management-changing impacts upon an organization.

118 Business continuity - Document management 1 In large information technology environments, personnel turnover is inevitable and must be planned as part of business continuity.

119 Business continuity - Change management 1 Regulations require that changes to business functions be documented and tracked for auditing purposes; this is designated "change control". It brings a level of stability to the business functions by requiring the support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be less upon personnel control, and more upon regulatory compliance.

120 Business continuity - Audit management 1 One of the goals of business continuity is data center automation, which includes audit management.

121 Business continuity - Audit management 1 Automation is often associated with the idea of centralized management in the area of data storage and data management. Solutions based on storage consolidation can ensure data safety, efficiency, high availability, reliability and convenience.

122 Business continuity - Service level agreements (SLA) 1 The interface between management and information technology is the service level agreement (SLA). This provides a written contract stipulating the expectations of management with regard to the availability of a necessary business function, and the deliverables that information technology provides in support of that business function.

123 Business continuity - Communications systems 1 In order to avoid some of the potential problems associated with disrupted communication channels, the business continuity plan should include a lead manager who will be in charge of all communications in that area, the cooperation of executives and public relations people, and scheduled exercises to put the plan into practice.

124 Business continuity - Other components 1 Disaster recovery planning occurs as a subset of defining the business continuity procedures.

125 Business continuity - Other components 1 The following is a list of physical and logical entities within an information technology environment which require the application of a business continuity methodology. Applying the methodology should include the definition of things such as policies, guidelines, standards, procedures, etc., for each item in the list:

126 Business continuity - Other components 1 Logical Volumes / Disk Partitions

127 Business continuity - Other components 1 Journaling Filesystems Log

128 Business continuity - Other components 1 Group names and GID numbers

129 Business continuity - Planning 1 Planning, prevention, and preparation are a key part of any business continuity management system and have direct read-across from civil contingencies planning. The activity begins with understanding the business to identify potential risks and threats to critical business activities, both internally and from the external environment. It is also advisable to examine the resilience of suppliers.

130 EC-Council - Disaster Recovery and Business Continuity 1 EC-Council Disaster Recovery Professional (EDRP)

131 Disaster recovery and business continuity auditing 1 Disaster recovery and business continuity auditing

132 Disaster recovery and business continuity auditing 1 Disaster recovery (DR) and business continuity refer to an organization’s ability to recover from a disaster and/or unexpected event and resume operations. Organizations often have a plan in place (usually referred to as a "Disaster Recovery Plan", or "Business Continuity Plan") that outlines how a recovery will be accomplished. The key to successful disaster recovery is to have a plan (emergency plan, disaster recovery plan, continuity plan) well before disaster ever strikes.

133 Disaster recovery and business continuity auditing 1 Given ever-changing business objectives, one common need in disaster recovery is to perform an audit of the disaster recovery capacity of an organization.

134 Disaster recovery and business continuity auditing - Metrics 1 Some of the key metrics to be measured in a disaster recovery environment are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is a metric that measures the time that it takes for a system to be completely up and running in the event of a disaster. RPO measures the ability to recover files by specifying a point-in-time restore of the backup copy.

135 Disaster recovery and business continuity auditing - Mission statement 1 A disaster recovery mission statement is used to identify the purpose and goals of the disaster recovery plan. The mission statement can also help an auditor obtain a better understanding of the organization’s environment. An auditor examines the mission statement to determine the objectives, priorities, and goals of the disaster recovery plan.

136 Disaster recovery and business continuity auditing - The DR committee and auditor 1 The organization appoints individuals responsible for designing and implementing the disaster recovery plan when needed.

137 Disaster recovery and business continuity auditing - The DR committee and auditor 1 An auditor is assigned to examine and assess the project manager and deputy project manager’s training, experience, and abilities, to analyze the capabilities of the team members to complete assigned tasks, and to confirm that more than one individual is trained and capable of doing a particular function. Tests and inquiries of personnel can help achieve this objective.

138 Disaster recovery and business continuity auditing - The DR committee and auditor 1 Organizations, particularly large organizations, ordinarily assign the task of determining, on an ongoing basis, if the procedures stated in the disaster recovery plan are actually consistent with real practice to a specific individual within the organization.

139 Disaster recovery and business continuity auditing - Documentation 1 To maximize their effectiveness, disaster recovery plans are documented in written form and in a manner that is easily understood by those who will need to use them.

140 Disaster recovery and business continuity auditing - Site designation 1 A hot/cold site is a location that an organization can move to after a disaster if the current facility is unusable.

141 Disaster recovery and business continuity auditing - Site designation 1 The auditor can verify this through paper and paperless documentation and actual physical observation. Testing of the backups and procedures is also performed to confirm data integrity and effective processes. The security of the storage site is also confirmed.

142 Disaster recovery and business continuity auditing - Data backup 1 Data backups are central to any disaster recovery plan. An audit of backup processes determines (a) whether they are effective, and (b) whether they are actually being implemented by the involved personnel. Some techniques that are used to accomplish this include direct observation of the processes in question, analyzing and researching the backup equipment used, conducting computer-assisted audit techniques and tests, and examining paper and paperless records.

143 Disaster recovery and business continuity auditing - Data backup 1 The continual backing up of data and systems can help minimize the impact of threats. Even so, the disaster recovery plan also includes information on how best to recover any data that has not been copied. Controls and protections are put in place to ensure that data is not damaged, altered, or destroyed during this process. Information technology experts and procedures need to be identified that can accomplish this endeavor. Vendor manuals can also assist in determining how best to proceed.

144 Disaster recovery and business continuity auditing - Drills 1 Practice drills are conducted periodically to determine how effective the plan is and to determine what changes may be necessary. The auditor’s primary concern here is verifying that these drills are being conducted properly, that problems uncovered during these drills are addressed, and that procedures designed to deal with these potential deficiencies are implemented and tested to determine their effectiveness.

145 Disaster recovery and business continuity auditing - Backup of key personnel 1 A disaster recovery plan includes clearly written policies and specific communication with employees to ensure that both regular and replacement personnel are selected, documented, and informed should a disaster occur.

146 Disaster recovery and business continuity auditing - Insurance issues 1 The auditor determines the adequacy of the company's insurance coverage (particularly property and casualty insurance) through a review of the company's insurance policies and other research.

147 Disaster recovery and business continuity auditing - Insurance issues 1 Effective DR plans take into account the extent of a company's responsibilities to other entities and its ability to fulfill those commitments despite a major disaster.

148 Disaster recovery and business continuity auditing - Communication issues 1 Good disaster recovery planning ensures that both management and the recovery team have disaster recovery procedures which allow for effective communication.

149 Disaster recovery and business continuity auditing - Emergency procedures 1 Procedures to sustain staff during a round-the-clock disaster recovery effort are included in any good disaster recovery plan.

150 Disaster recovery and business continuity auditing - Environmental issues 1 Disaster recovery plans may also involve procedures that take into account the possibility of power failures or other situations that are of a non-IT nature.

151 TRAC (ISMS) - Business Continuity Program 1 The Business Continuity Program module provides a framework for conducting a Business Impact Analysis as well as creating a full Business Continuity Plan.

152 Resilience (organizational) - Business Continuity and Competitiveness 1 Many corporations are adopting resilience and business continuity initiatives and sharing best practices. [https://www.policyarchive.org/bitstream/handle/10207/9662/Building_Resilience_OCT6.pdf?sequence=1 Building A Resilient Nation: Enhancing Security, Ensuring a Strong Economy]

153 Resilience (organizational) - Business Continuity and Competitiveness 1 Many experts and leaders see resilience as a vital component to a comprehensive homeland security strategy. Katherine McIntire Peters

154 Crisis management - Business continuity planning 1 Business Management: Top tips for effective, real-world Business Continuity Management)

155 Crisis management - Business continuity planning 1 Each critical function and/or process must have its own contingency plan in the event that one of the functions/processes ceases or fails; the business/organisation is then more resilient, which in itself provides a mechanism to lessen the possibility of having to invoke recovery plans (Osborne, 2007).

156 Crisis management - Business continuity planning 1 A note of caution when planning training scenarios: all too often, simulations can lack ingenuity and an appropriate level of realism, and as a consequence potentially lose their training value.

157 Crisis management - Business continuity planning 1 Following a simulation exercise, a thorough and systematic debriefing must be conducted as a key component of any crisis simulation. The purpose of this is to create a link and draw lessons from the reality of the simulated representation and the reality of the real world (Borodzicz, 2005).

158 Crisis management - Business continuity planning 1 The whole process relating to business continuity planning should be periodically reviewed to identify any number of changes that may invalidate the current plan (Osborne, 2007).

159 Facility management - Business continuity planning 1 All organisations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organisations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.

160 Information risk management - Risk management and business continuity 1 Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to deal with the consequences of realised residual risks.

161 Business continuity management 1 A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime.

162 Business continuity management 1 In 2007, the BSI published BS Specification for Business Continuity Management, which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).

163 Business continuity management - Business impact analysis (BIA) 1 * Recovery Time Objective (RTO) – the acceptable amount of time to restore the function

164 Business continuity management - Business impact analysis (BIA) 1 * The business requirements for recovery of the critical function, and/or

165 Business continuity management - Business impact analysis (BIA) 1 * The technical requirements for recovery of the critical function

166 Information security policies - Business continuity 1 # Should a disaster strike, what are the first few things that I should do? Should I call people to find out if they are OK or call up the bank to figure out whether my money is safe? This is Emergency Response. Emergency Response services help take the first hit when the disaster strikes, and if the disaster is serious enough the Emergency Response teams need to quickly get a Crisis Management team in place.

167 Information security policies - Business continuity 1 # What parts of my business should I recover first? The one that brings me most money or the one where I spend the most, or the one that will ensure I shall be able to get sustained future growth? The identified sections are the critical business units. There is no magic bullet here; no one answer satisfies all. Businesses need to find answers that meet business requirements.

168 Information security policies - Business continuity 1 # How soon should I target to recover my critical business units? In BCP technical jargon, this is called Recovery Time Objective, or RTO. This objective will define what costs the business will need to spend to recover from a disruption. For example, it is cheaper to recover a business in 1 day than in 1 hour.

169 Information security policies - Business continuity 1 # What all do I need to recover the business? IT, machinery, records... food, water, people... So many aspects to dwell upon. The cost factor becomes clearer now... Business leaders need to drive business continuity. Hold on. My IT manager spent $ last month and created a DRP (Disaster Recovery Plan), whatever happened to that? A DRP is about continuing an IT system, and is one of the sections of a comprehensive Business Continuity Plan. Look below for more on this.

170 Information security policies - Business continuity 1 # And where do I recover my business from... Will the business center give me space to work, or would it be flooded by many people queuing up for the same reasons that I am?

171 Information security policies - Business continuity 1 # But once I do recover from the disaster and work in reduced production capacity since my main operational sites are unavailable, how long can this go on? How long can I do without my original sites, systems, people? This defines the amount of business resilience a business may have.

172 Information security policies - Business continuity 1 # Now that I know how to recover my business, how do I make sure my plan works? Most BCP pundits would recommend testing the plan at least once a year, reviewing it for adequacy and rewriting or updating the plans either annually or when businesses change.

173 Disaster recovery plan - Relationship to the Business Continuity Plan 1 The Institute further states that a Business Continuity Plan (BCP) consists of the five component plans: [http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164 The Disaster Recovery Plan.] Chad Bahan

174 Disaster recovery plan - Relationship to the Business Continuity Plan 1 * Business Resumption Plan

175 Disaster recovery plan - Relationship to the Business Continuity Plan 1 * Continuity of Operations Plan

176 Disaster recovery plan - Relationship to the Business Continuity Plan 1 The Institute states that the first three plans (Business Resumption, Occupant Emergency, and Continuity of Operations Plans) do not deal with the IT infrastructure.

177 Disaster recovery plan - Relationship to the Business Continuity Plan 1 The Disaster Recovery Institute International states that disaster recovery is the area of business continuity that deals with technology recovery as opposed to the recovery of business operations. Disaster Recovery Institute International. Course BCLE Participant Guide: Professional Practice 6. Page

178 Certified Business Continuity Professional 1 Certified Business Continuity Professional (CBCP) is an internationally recognized professional certification issued by the Disaster Recovery Institute for business continuity management. A certified expert must pass a detailed exam consisting of ten domains and prove his/her experience in at least five domains for a minimum of two years. (Disaster Recovery Institute International. Certification CBCP. https://www.drii.org/certification/cbcp.php, accessed June 3, 2011.)

179 Coordinated Incident Management System - Business Continuity / Crisis Management 1 In recent years, CIMS has also been recognised as best practice for implementing management structures for response and recovery.

180 Facilities management - Business continuity planning 1 All organizations should have in place a continuity plan so that in the event of a fire or major failure the business can recover quickly. In large organizations it may be that the staff move to another site that has been set up to model the existing operation. The facilities management department would be one of the key players should it be necessary to move the business to a recovery site.

181 Emergency procedure - Business Continuity Planning 1 Business continuity planning may also feed off of the emergency procedures, enabling an organization to identify points of vulnerability and minimise the risk to the business by preparing backup plans and improving resilience. The act of producing the procedures may also highlight failings in current arrangements that, if corrected, could reduce the risk levels.
