Domain 7: BCP/DRP Flashcards
Plan that ensures that a business will continue to operate before, throughout, and after a disaster event is experienced
Business Continuity Planning (BCP)
- Short-term plan for dealing with specific IT-oriented disruptions
- Can also be a part of the BCP
Disaster Recovery Plan (DRP)
List the documents inside of a BCP
- Continuity Planning Goals
- Statement of Importance
- Statement of Priorities
- Statement of Organizational Responsibility
- Statement of Urgency and Timing
- Risk Assessment
- Risk Acceptance/Mitigation
- Vital Records Program
- Emergency-Response Guideline
- Testing and exercises
- Disaster Recovery Process step
- We assess the event to see if it constitutes a disaster
Respond
- Disaster Recovery Process step
- After a disaster is declared, we initiate the recovery team
Activate team
- Disaster Recovery Process step
- Ensures consistent timely status updates are delivered back to the central team managing the response and recovery process
- Interaction must often occur out-of-band
Communicate
- Disaster Recovery Process step
- More thorough evaluation carried out to determine the extent of the damage and to determine the proper steps necessary to ensure the organization's ability to meet its mission
Assess
- Disaster Recovery Process step
- The successful recovery of critical business operations at either a primary or secondary site
Reconstitution
List the 4 steps of the Business Continuity Planning process
- Project Scope and planning
- Business Impact Analysis (BIA)
- Continuity Planning
- Approval and Implementation
The BCP Project Scope and planning process includes what steps?
- Business Organization Analysis
- BCP Team selection
- Resource requirements
- Legal and regulatory requirements
- BCP Project Scope and planning process
- Identifies all depts. and individuals that have a stake in the BCP process
- Foundation for BCP team selection
- Used to guide the next stages of BCP development
Business Organization Analysis
The BCP team should include what members?
At minimum representatives from each of the operational and support departments
- IT dept.
- IT security
- Facility management
- Attorneys
- HR
- Public relations
- Senior management representatives
- BCP Project Scope and planning process
- Testing, training and maintenance phases of BCP that will require some hardware and software commitments
- Full-scale implementation
- Materials consumed by the BCP team
Resource requirements
- BCP Project Scope and planning process
- Ensures the organization remains compliant with laws, regulations, and contractual obligations
Legal and regulatory requirements
- Business Continuity Planning process
- Focuses on developing and implementing strategy to minimize the impact realized risks might have on protected assets
Continuity Planning
- Continuity Planning process
- In this step it is determined which risks will be addressed by the BCP
Strategy development
- Continuity Planning process
- BCP team designs specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage
Provisions and processes
What are three categories of assets that must be protected through BCP provisions and processes?
- People
- Buildings/Facilities
- IT Infrastructure
- Business Continuity Planning process
- BCP should be endorsed by the top executive at the company, i.e. the CEO
- Once endorsed, a schedule is created to apply the BCP
Approval and Implementation
- BCP Document
- Describes the goals set forth by the BCP team and senior management for the plan
- e.g. call center should experience no more than 15 consecutive minutes of downtime
Continuity Planning Goals
- BCP Document
- Letter to the organization's employees stating the reason that the organization devoted resources to the BCP development process and requesting cooperation with the BCP implementation
Statement of Importance
- BCP Document
- Lists the functions considered critical to continued business operations in a ranked order
- Doc comes from business impact assessment phase
Statement of Priorities
- BCP Document
- Restates the org commitment to the BCP and informs all employees they are expected to do everything they can to assist with the BCP process
- Can be incorporated into the same letter as the Statement of Importance
Statement of Organizational Responsibility
- BCP Document
- Expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by senior management.
Statement of Urgency and Timing
- BCP Document
- Includes all the risks considered during the BIA as well as the quantitative and qualitative analyses performed to assess these risks.
Risk Assessment
- BCP Document
- Categorizes each risk identified as either acceptable or unacceptable
- Acceptable: why the org should not be worried, and future events that would cause reconsideration
- Unacceptable: outlines the provisions and processes put into place to reduce the risk
Risk Acceptance/Mitigation
- BCP Document
- States where critical business records will be stored and the procedures for making and storing backup copies of those records.
Vital Records Program
- BCP Document
- Outlines the organizational and individual responsibilities for immediate response to an emergency situation.
Emergency-Response Guideline
- BCP Document
- Ensures the plan remains current and that all personnel are trained to perform their duties in the event of a disaster
Testing and exercises