Business Continuity & Disaster Recovery Planning Flashcards

1
Q

2 categories of disaster ?

A
  • Natural
  • Man-Made

2
Q

How does disaster affect Business ?

A

Damage to Property (the building)
Damage to business records (paper, electronic)
Damage to business equipment (computers, copiers)
Damage to communications (telephone, wireless)
Damage to Public Utilities (power, water, gas)
Damage to transportation systems (bus, train)
Injuries and loss of life
Indirect Damage - Suppliers and customers

3
Q

What is the Goal of BCP ?

A

Business Continuity Planning deals with keeping business operations running — perhaps in another location or by using different tools and processes — after a disaster has struck.

4
Q

What is the Goal of DRP ?

A

Disaster Recovery Planning deals with restoring normal business operations after the disaster takes place.
Speed of recovery is directly proportional to cost.

5
Q

BCP / DRP Commonalities ?

A
  • Identification of critical business functions (done via an assessment)
  • Identification of possible disaster scenarios (disaster scenarios identified and ranked by probability)
  • Experts (critical business process)
6
Q

BCP

A

This concentrates on continuing / keeping business operations running.

7
Q

DRP

A

This concentrates on restoring / recovering the original business function.

8
Q

What is COOP ?

A

Continuity of Operations - a blending of BCP and DRP into a single mission statement - keeping the organisation running after a disaster.

9
Q

BCP - Success ?

A

Areas of Concern:

Success of the BCP depends on scope definition.

Business Process (muddy waters)
Technology (muddy waters)
Geographical dispersion (adds difficulty)
Politics (departments lobby to claim criticality)

10
Q

What is scope creep ?

A

When a project’s scope grows beyond the original intent.

11
Q

What is scope lean ?

A

When a project’s scope changes and ‘leans’ in a certain direction.

The project team needs to find a balance between too narrow a scope, which makes the plan ineffective, and too wide a scope, which makes the plan too cumbersome.

12
Q

What is the BIA ?

A

Business Impact Analysis (BIA)

  • describes the impact a disaster will have on Business Operations.
  • should include qualitative and quantitative impacts.
  • quantitative - Mostly finance.
  • qualitative - delivery of goods and services.
13
Q

BIA Tasks:

A
  • Perform a Vulnerability Assessment
  • Carry out a Criticality Assessment
  • Determine the Maximum Tolerable Downtime
  • Establish recovery targets
  • Determine resource requirements
14
Q

What is a vulnerability assessment ? (BIA)

A
  • assesses weaknesses in business critical systems.
  • identifies critical support areas which are business functions.
  • quantitative - Mostly finance.
  • qualitative - delivery of goods and services.
15
Q

Quantitative Losses ? (Vuln Assess, BIA)

A
  • Loss of revenue
  • Loss of operating capital
  • Loss because of personal liabilities
  • Increase in expenses
  • Penalties because of violations of business contracts
  • Violations of laws and regulations
16
Q

Qualitative Losses ? (Vuln Assess, BIA)

A
  • Service quality
  • Competitive advantages
  • Customer satisfaction
  • Market share
  • Prestige and reputation
17
Q

What is a Criticality Assessment ? (BIA)

A
  • Ranked inventory of high level business functions.
  • description of each affected ranked function.
  • Assessment should consider time (hour vs day)
  • Assessment should consider times of year (Aug v May)
  • Establish Max. Tolerable Downtime. (MTD)
18
Q

Key Player identification in BIA.

A
  • managers have jobs, what is theirs ?
  • better view of an organisation.
  • Be aware of outsourced functionality.
19
Q

What is MTD / MTPD ? (BIA)

A

This is Maximum Tolerable Downtime.

  • A component of a critical assessment.
  • aka Max. Tolerable Period of Downtime (MTPD)
  • Max time before a business suffers long lasting damage
20
Q

Establishing Recovery Targets.

A
  • established post criticality assessment & MTD.
  • Each business process has a recovery time and a recovery point objective.

21
Q

What is RTO ? (BIA)

A

Recovery Time Objective.
The maximum period of time in which a business process must be restored after a disaster.
Shorter RTOs = Larger investments.

22
Q

What is a RPO ? (BIA)

A

Recovery Point Objective.
The maximum period of time in which data might be lost if a disaster strikes.
* RPO is measured from last known good back up.

23
Q

What is the BIA Resource Requirement ?

A

A listing of the resources that an organization needs in order to continue operating each critical business function. Resources should be allocated by criticality rank.

Example: Systems, Applications, suppliers, partners, business equipment and personnel.

24
Q

What are the various elements of a BCP ?

A
Emergency Response
Damage Assessment
Personnel Safety
Personnel Notification
Backups and Off Site Storage
25
Q

What is the BCP Emergency Response ?

A
  • Team designation for each kind of disaster
  • Documented Procedures and Checklists

26
Q

What is the BCP Damage Assessment ?

A

Damage assessments determine whether an organization can still use buildings and equipment, whether they can use those items after some repairs, or whether they must abandon those items altogether.

27
Q

What is Personnel Safety ? (BCP)

A

In any kind of disaster, the safety of personnel is the highest priority, ahead of buildings, equipment, computers, backup tapes, and so on.

28
Q

What is Personnel Notification? (BCP)

A
  • The BCP must contain provisions for communication
  • This also covers tactical and status reports to key personnel throughout the incident.

29
Q

Factors to consider with regards to Back Ups and Notifications ? (BCP)

A
  • The time that it takes to perform backups
  • The effort required to restore data
  • The procedures for restoring data from backups, compared with other methods for recovering the data
30
Q

What is a BCP ?

A

Backup Continuity Plan

31
Q

What is a Software Escrow Agreement ?

A

A software vendor sends a copy of its software code to a third-party escrow organization for safekeeping.

32
Q

What is the Relevance of External Communications ?

A

The Corporate Communications, External Affairs, and (if applicable) Investor Relations departments should all have plans in place for communicating the facts about a disaster to the press, customers, and public. You need contingency plans for these functions if you want the organization to continue communicating to the outside world.

33
Q

Utilities in the BCP ?

A

Data-processing facilities that support time-critical business functions must keep running in the event of a power failure. Although every situation is different, the principle remains the same: The BCP team must determine for what period of time the data-processing facility must be able to continue operating without utility power.

34
Q

Logistics and Supplies in the BCP ?

A

For companies that rely on daily / weekly / monthly shipments this step is key.
Not just for the company but for suppliers as well.

35
Q

Documentation in the BCP ?

A
  • All documentation for all services should be up to date.
  • All documentation should be centralised.
  • Should be available off site to avoid single points of failure.
36
Q

Data processing continuity planning

A
  • Where the business will continue to sustain its data processing functions.
  • How the business will continue to sustain its data processing functions.
    Solutions:
  • Cold Site - empty room + hvac (least costly)
  • Warm Site - room + non-configured equipment + hvac
  • Hot Site - Mirror + data sync (expensive, least down time)
  • Reciprocal Site - Colo with another company.
  • Multi Data Centres - business as usual.
37
Q

Financial Readiness

A
  • Insurance - take out insurance against hardware
  • Cash reserves - set aside money for the inevitable
  • Line of credit
  • Pre-purchased assets
  • Letters of agreement: An organization may wish to establish legal agreements that would be enacted in a disaster. These may range from use of emergency work locations (such as nearby hotels), use of fleet vehicles, appropriation of computers used by lower-priority systems, and so on.
  • Standby assets

38
Q

Maintaining Physical Security

A

Looting and vandalism sometimes occur after significant disastrous events.

The organization must be prepared to deploy additional guards, as well as erect temporary fencing and other physical barriers in order to protect its physical assets.

39
Q

Personnel Safety

A

The safety of personnel needs to be addressed, as there are often personnel working in areas with damage and safety issues, usually right after a disaster, during salvage and damage assessment.

An organization’s number-one priority is the safety of its personnel.

40
Q

Testing the Disaster Recovery Plan

A

Checklist - A detailed review of the steps.
Walkthrough - Team-led walk through of what to do. Questions that occur are listed and tackled post walkthrough.
Simulation - Practice (no action) of a disaster, team driven.
Parallel - Team-led DR action plan, original systems continue to run in parallel.
Interruption - This is also referred to as a cut over. It is team led, and is a full simulation of a disaster.