Chapter 9 Flashcards
What is a key consideration for BCP maintenance?
Regular maintenance of the BCP is critical.
List some (4) factors that may impact the BCP.
System and software changes,
organization/process changes,
personnel changes, and
supplier changes.
What are some lessons learned from testing/exercises?
Issues identified during plan implementation.
What should be considered during plan review and risk assessment?
Changes to the external environment.
According to the course notes, what is the largest predictor of BCP success or failure?
Commitment of senior management.
What term is used to describe a more comprehensive approach to dealing with threats beyond an Emergency Action Plan?
Business Continuity
What are the 3 major components of Business Continuity Planning?
De, Te, and Ma…….
• De → Development
• Te → Testing
• Ma → Maintenance
What is a key factor in ensuring the continuation of business operations during and after an incident?
Proper team structure and crisis management
Why is it important to assign accountability in the readiness phase of a Business Continuity Plan?
To ensure that tasks are properly assigned and carried out
What are the five major areas in developing a Business Continuity Plan according to ASIS International?
Re
Im
Va
Ma and
Et
Readiness,
Implementation,
Validation,
Maintenance, and
Ethics
What is the recommended frequency for maintaining and updating Business Continuity Plans?
Annually or when changes occur
What type of events play a significant role in planning for potential disasters?
Weather and nature-related events
In what situations can sheltering in place be invoked according to the text?
Weather events (e.g., snow, flooding) and man-made threats
What is the purpose of a Rapid Entry Key Vault in a building?
To provide emergency responders access to essential keys or badges
Who is responsible for building the Crisis Management Team for a Business Continuity Plan?
Senior organizational leadership
What is the preliminary assessment in the Recovery phase?
Damage and impact assessment.
What is included in the assessment of damage in the Recovery phase?
Physical damage and non-physical damage like cyber-attacks.
What is the prioritized list in the Recovery phase for business resumption?
Needs……to include critical and remaining processes as per BIA.
What signifies the end of a crisis during the Recovery phase?
Return to normal operations.
What is included in Phase II of the BCP development process?
Ed
Tr and
Te the BCP
Educating, training, and testing the BCP.
What should be part of education and training for personnel?
Key components of the BCP and response plans.
Three reasons why testing the plan is important?
Ensure R are M
FW and
I R
To ensure requirements are met,
find weaknesses, and
improve response.
What is the purpose of incorporating lessons from previous tests into the BCP?
To enhance future tests and improve the plan’s effectiveness.
What roles (5) can participants take during testing?
Facilitator,
Simulator
controller,
observer, or
participants.
What 3 things should be done post-completion of a test or exercise?
Ev,
As based on g, and
M BCP if necessary
Evaluate,
assessment based on goals, and
modify BCP if necessary.
When should the BCP be reviewed according to the notes?
Whenever any trigger like risk assessment or incident occurs.
What 4 things trigger a review of a BCP?
RA
IT
RR and
EE
Risk assessment,
industry trends,
regulatory requirements, and
event exercises.
What is the purpose of a Risk Assessment?
To identify and analyze essential personnel, business operations, and potential risks.
What 3 things are included in a Business Impact Analysis (BIA)?
I of C P,
I A (H C, F C, C I),
R O
Identification of critical processes,
impact assessment (human cost, financial cost, corporate image),
recovery objectives.
What are the 5 criteria for strategic plans in Business Continuity Management?
At
Ve
C-e
H P of S
App for org’s S and T
At – Attainable
• Ve – Verifiable
• C-e – Cost-effective
• H P of S – High probability of success
• App for org’s S and T – Appropriate for the organization’s size and type.
What are 4 key aspects of a Crisis Management Team (CMT) formation?
TM chosen based on S and C
C M S
D-m A, and
R for Im
Team members chosen based on skills and commitment,
Clear management structure,
decision-making authority,
responsibility for implementation,
What does the Prevention phase of Crisis Management involve…..6 things?
Co with Co Po
Acc and All of R
Mo and Mi st and
Su Se
Compliance with corporate policies,
accountability and allocation of resources
Monitoring and mitigation strategies,
and
support services.
What steps (5) are involved in the Response phase of Crisis Management?
As the S
D and D a C
D C by Sr L
N the T
E the P promptly
Assess the situation
Determine and declare crisis,
declare crisis by senior leader,
Notify the team, and
execute the plan promptly.
How important is effective communication in crisis management?
Effective communication is crucial for conveying information quickly, honestly, and coming from the organization first.
What is the importance of resource management in crisis response (3 things)?
E S P A,
A for all I, and
A in E
ensures secondary personnel assignments,
accounting for all individuals, and
arrangements in emergencies.
