Business Continuity Plan Flashcards
Define Business Continuity
preserving critical business functions in the face of a disaster
provision for an event or circumstance that is possible but cannot be predicted with certainty
“the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive event”
If done well, the business continues to __________ during adverse situations and deliver a _________ recovery
operate, faster
what is the goal of business continuity
minimize the effects of outages and disruptions on business operations
what do the practices of business continuity enable an organization to do
- get back on its feet after problems occur
- reduce the risk of data loss and reputational harm
- improve operations while decreasing the chance of emergencies
define resiliency
ensuring continuity - not only of the technology but the entire organization and all procedures
Resiliency has become the watchword for organizations facing an array of threats, from _________ _______ to the latest round of ______ ______
natural disasters, cyber attacks
when an outage occurs about how many are classified as severe or serious
a fifth
- there were big financial, reputational, and other consequences
List possible examples of events
- Epidemic/pandemic
- Earthquake
- Fire
- Flood
- cyber attack
- Sabotage (insider or external threat)
- Hurricane or other major storm
- Power outage
- Water outage (supply interruption, contamination)
- Telecomms outage
- IT outage
- Terrorism/Piracy
- War/civil disorder
- Theft (insider or external threat, vital information or material)
- Random failure of mission-critical systems
- Single point dependency
- Supplier failure
- Data corruption
- Misconfiguration
- Fiber cut
what are the 5 things BCM ensures effectiveness in?
- Identifying operational risks
- Implementing mitigating controls
- Responding to disruptive events.
- Recovering operations
- Conducting a postmortem
what is the origin of BCM?
evolved from IT disaster recovery in the 1990s
caused by 24/7 delivery
globalization
increased number of natural disasters
spread of medical viruses, etc
Non-IT aspects are more challenging b/c they are _________-oriented and _________-oriented
people, process
list 3 similarities in BC and DR
- both are proactive in minimizing effects of a catastrophe
- both can be used in a range of events
- both require regular review
How is BC different from DR?
- keeping business operational during a disaster
- maintaining operations
goal: limit operational downtime - focuses on keeping the lights on and the business open in some capacity
- focused on the entire business
How is DR different from BC
- restoring data access and IT infrastructure after a disaster
- creating additional employee safety measures (fire drills)
goal: limit abnormal or inefficient system function - focuses on getting operations back to normal
- just focused on IT/data
list the 5 steps for business continuity
- risk assessment and analysis
- business impact analysis
- developing a BCM plan
- testing and maintaining the BCM plan
- BCM and crisis management response
What are the fundamental components of a BCP (10) ?
Planning, testing, and recovery of these vital components are key to building a resilient organization:
- Workspace Recovery
- Cyber Resilience
- Data Backup, Replication, and Recovery
- Personnel
- Third-Party Service Providers
- Telecommunications
- Power
- Change Management
- Communication and Notifications
List the dimensions of each disaster (8)
- description
- potential impact
- risk factors
- warning times
- technology continuity
- people continuity
- process continuity
- insurance considerations
what are the 7 additional key principles of business continuity
- get employees involved
- keep customers in the loop
- collaborate with suppliers
- periodically test and update BC plans
- factor in compliance
- examine insurance options carefully
- data backup is not enough
5 steps to evaluate your BCP Holistically
- map your vendor risk landscape - the journey to an integrated, responsive, and proactive business continuity management program that extends beyond company walls begins with a thorough business impact analysis (BIA)
- distinguish among different shades of red
- be specific
- trust but verify
- react
List Business Impact Analysis (BIA) highlights
- critical technology
- personnel needs and key workspace needs
- provides the first piece of the vendor resiliency and recoverability puzzle
What is the key output of BIA
a set of impact and resiliency strategy details about the organization's critical vendors, which includes
- mapping of business processes to specific critical vendors
- impacts over time if those vendors' services are unavailable
- analysis of whether alternate vendors exist and, if so, their ability to substitute for the primary vendor
What are the 3 companions to the BIA
- interruption risk assessment (RA)
- high-level vendor interruption risk assessment (VIRA)
- the identification of a recovery strategy
List the 9 critical risk variables
- revenue and inventory impact from loss
- proximity of the vendor and logistics
- capacity utilization
- SLA and right to audit
- potential impact on service/product quality if vendor change is performed rapidly
- labor, country, geopolitical risks
- level of vendor integration with your technology
- correlated risk
- regulatory issues and cross border issues