IRBC

Question 1

IRBC: understanding the IRBC requirements.

Answer 1

Understanding IRBC requirements: You need to know what you are trying to achieve with IRBC. For example, which ICT services need to be maintained and at what level (MBCO)? How quickly do the services need to be recovered (RTO)? The IRBC requirements will be guided by the organisation’s BC requirements. For example, a public library might consider that user accounts must not be inaccessible for longer than 2 hours, in which case the ICT services responsible for user accounts must recover in under 2 hours. (4 marks)

Question 2

IRBC: IRBC planning.

Answer 2

IRBC planning: The organisation must set aside time and resources to do the planning. It must identify the individuals with the knowledge to participate in the planning, and it must set a timetable for planning and review. The organisation will need to decide how much effort it is appropriate to put in to IRBC planning. (2 marks)

Question 3

IRBC: determining IRBC strategies.

Answer 3

Determining IRBC strategies: The organisation must explore ways of meeting the IRBC requirements, and choose which strategies to adopt. Alongside the determination of the organisation’s BCM strategies, this would involve risk assessment and choice of response (treat, tolerate, transfer or terminate). For example, a public library might decide that there is a medium risk of losing access to user accounts due to power failure and the consequences would be severe, so that the risk is serious. It might, therefore, decide on a strategy to treat the risk. (2 marks)

Question 4

IRBC: Implementation and operation.

Answer 4

Implementation and operation: Having decided on strategies, they need to be implemented and set in motion.

Question 5

IRBC: monitor and review.

Answer 5

Monitor and review: IRBC is not something you do once and then leave it alone. As with all areas of Business Continuity Management, it is necessary to check that it works and that it remains appropriate over time. (1 mark)

Question 6

IRBC: exercising, testing, maintaining, and reviewing IRBC.

Answer 6

Exercising, testing, maintaining and reviewing IRBC: It is necessary to run exercises to check that the implemented strategy meets the requirements. In the public library example, there needs to be an exercise that tests the use of the backup systems. How this is done without jeopardising the service delivery during the testing needs careful consideration. Maintenance is require because if things change, either within the ICT systems or the wider organisational systems (as identified by the BCM processes) then IRBC will need to change too. (4 marks)

Question 7

IRBC improvement.

Answer 7

IRBC improvement: As noted above, if things change the IRBC processes will need to change. But even without such changes, exercises and tests might identify problems or else suggest different ways of working that might improve the performance of IRBC. (2 marks)

Question 8

IRBC: developing and implementing IRBC response and recovery.

Answer 8

Developing and implementing IRBC responses and recovery: The details of how to effect the strategies need to be developed and systems put in place within the organisation to ensure that in the event of disruption, the IRBC response recovery procedures are activated. In the example of the risks to user accounts at a public library, backup databases and servers might be created and system put in place to ensure that staff can access the backups quickly in the event of disruption.
(4 marks, covering both ‘Implementation and operation’ and ‘Developing and implementing IRBC responses and recovery’)

Question 9

What is IRBC and what are its benefits?

Answer 9

The benefits of IRBC are primarily derived from better response to disruption, rather than disruption presentation.

Question 10

How does IRBC relate to BCM?

Answer 10

Organisations set BCM priorities, which drive an IRBC plan, while BCM relies on IRBC to ensure that continuity objectives can be met at all times. In other words, BCM priorities drive IRBC, while IRBC supports BCM implementation.

Question 11

What are the five key principles of IRBC?

Answer 11

• Incidence prevention
• Incidence detection
• Response
• Recovery (implementing an appropriate recovery strategy to prioritise key services for restoration)
• Improvement.

Question 12

What are the key elements of an IRBC plan?

Answer 12

• People
• Facilities
• Technology (software, hardware, network)
• Data
• Processes
• suppliers

Question 13

What steps occur in the event of a disruption to a system with an IRBC plan and what important events occur in those steps?

Answer 13

0. Presentation and IRBC implementation: the last good data backup.
1. Time zero: the disruption occurs.
2. Detection: service loss experienced.
3. Response: decision to invoke recovery plan.
4. Recovery: ICT infrastructure recovery; ICT application recovery; consumer access restored; RTO’s for each service; user acceptance tests.
5. Operation: business services fully restored; support for ongoing BC activity.
6. Restoration: migration from recovery mode; return to the new normal.
7. Prevention and IRBC improvement.