Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Good Practice Guidelines > PP5 Implementation > Flashcards

PP5 Implementation Flashcards

1
Q

Key requirements for implementation of an effective

BC plan are:

A
  1. Ability to recognise and assess existing and potential
    threats when they occur and to determine an appropriate response.
  2. Response structure in place for the activation, escalation, and control of organization’s response.
  3. Personnel with the authority and competency to implement agreed solutions and measures.
  4. Ability to communicate effectively between internal and external interested parties.
  5. Access to sufficient resources to support the agreed
    continuity solutions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The purpose of establishing a response structure is

A

To ensure that the organization has a clearly documented and well understood mechanism for responding to an incident, regardless of its cause. The
response structure establishes command, control, and communication systems to help the organization manage the incident and minimise the impact of the disruption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Response structure identifies

A
  1. Individuals and teams responsible for response activities.
  2. The roles and responsibilities of the individuals and teams.
  3. The relationships between the individuals and teams.
  4. The documented procedures to support the individuals and teams.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Incident defined as

A

A situation that might be, or could lead to, a disruption, loss, emergency or crisis.” (Source: ISO 22300:2012)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Crisis defined as

A

A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action.” (Source: ISO 22300:2012)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

key requirements for an effective response structure are

A
  1. Ability to recognise and assess threats when they occur.
  2. Clear procedures for escalation when a disruption has occurred or may soon occur.
  3. Individuals and teams with the authority and capability to develop and select an appropriate response to an incident.
  4. Clearly understood procedures in place for the activation and control of the response to an incident or crisis.
  5. Responsible personnel with the authority and capability to implement the agreed business continuity solutions as defined within the organization’s plans.
  6. Ability to communicate effectively with internal and external interested parties.
  7. Access to sufficient resources to support the implementation of the continuity solution.
  8. Ability to recognise when key external suppliers should be notified and included in the implementation of the continuity solution.
  9. An agreed budget for supporting the response structure.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Strategic team

A

Focuses on strategic issues that impact the organization’s core objectives, and products and
services and is usually led by top management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Tactical teams

A

Manage and coordinate the continuity of the processes required to deliver the impacted products and services, and ensure that the resources are allocated appropriately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Operational teams

A

Focus on continuity of the activities that contribute to the process or processes that deliver the prioritised products and services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The key steps when establishing a response structure

are as follows:

A
  1. Identify, understand, and work within organization’s existing management and leadership structure.
  2. Identify responsible individuals and roles in any existing response teams or plans.
  3. Understand requirements and scope of BC
    programme.
  4. Consider continuity solutions agreed in the Design
    stage of BC management lifecycle.
  5. Develop a draft response structure.
  6. Present response structure to top management
    and seek feedback.
  7. Update response structure based on top
    management feedback.
  8. Obtain top management approval for updated response structure.
  9. Document and publish approved response
    structure.
  10. Implement approved response structure in any
    existing BC plans.
  11. Rehearse response structure as part of BC
    exercising
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Responsibilities of individuals and teams identified in

response structure should be documented and include:

A
  1. Team mobilisation
  2. Procedure escalation.
  3. Plan activation.
  4. Command and control.
  5. Resource allocation.
  6. Cost management.
  7. Personnel welfare.
  8. Interested party communication.
  9. Incident monitoring and assessment.
  10. Changing priorities as the situation evolves.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Small, single site organization

A

In a small, single site organization, all levels of response may be implemented by one response team within a single plan, covering all aspects
of the organization’s response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Medium sized organization

A

Might be implemented as:

Strategic: Crisis management plan with a response
team consisting of top management.

Tactical: Single plan covering continuity of all of organization’s operations, with a response team consisting of the functional leaders or heads of departments.

Operational: Usually covered by tactical plan, except
for ICT which, because of the technical detail required, has its own ICT service continuity plan with technical ICT recovery team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Large organization

A

Might be implemented as:

Strategic: Crisis management plan with response
team consisting of top management.

Tactical: Several plans, each one covering division,
product, service, or location, each with its own response team consisting of either the division head, or product or service heads responsible for the areas covered by
plan.

Operational: Usually covered by individual tactical
plans. Exceptions are main support functions of human resources, ICT, fnance, and sites or facilities. Each of these has its own specialist response team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Large multinational organization

A

Might be implemented as:

Strategic: Global crisis management plan, with a response team consisting of top management with global responsibilities, and an incident management plan for each territory, with a response team consisting of top management from those territories. Multinational organizations may also have another level of strategic plan focused on regions.

Tactical: Each region or country could have several plans, each covering a major division, product, or service, with its own response team consisting of the
functional leaders or divisions, or product or service heads responsible for the areas covered by the plan.

Operational: Each department or location covered
by the business continuity plan may have its own detailed operational plan, with its own response team consisting of the operational managers of the
department or location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Response structure should define:

A

• The required number and type of individuals or teams.

  1. Relationships between the individuals and teams.
  2. Roles and responsibilities of the individuals and teams.
  3. Documented plans required to support the response.
17
Q

BC plan’ is defined as

A

Documented procedures that guide organizations to respond, recover, resume, and restore to a predefined level of operation following disruption.”
(Source: ISO 22301:2012)

18
Q

To make the plan focused, specific and easy to use, it should be

A
  1. Direct; providing clear, action orientated and time-based direction. It should provide quick access to vital information.
  2. Adaptable; enabling the organization to respond to a wide range of incidents, including those that the organization may not have anticipated.
  3. Concise; containing only guidance, information and tools that are likely to be used by the team in an incident. Anything else is unnecessary.
  4. Relevant; providing information that is current and useful to the team using the plan
19
Q

Plans at all levels should contain the following:

A
  1. Purpose and scope.
  2. Objectives and assumptions.
  3. Response structure which is specific to organization
  4. Plan activation criteria, procedures, and authorisation, including implementation procedures:
    - Invocation of continuity solutions.
    - Team mobilisation instructions.
  5. Response team roles and responsibilities (with alternates as appropriate).
  6. Individual responsibilities and authorities of team members.
  7. Prompts for immediate action and any specific decisions the team(s) may need to make, for example, whether to activate an alternate site.
  8. Communication requirements and procedures concerning relevant interested parties, for example, personnel, suppliers, customers, and the media.
  9. Internal and external interdependencies and interactions, including contact details (usually held as appendices).
  10. Summary information (at a level of detail appropriate to the plan) of the organization’s prioritised activities and resource requirements as identifed in the Analysis stage of the business continuity management lifecycle, with reference to the continuity time frames
    within which they are required.
  11. Assumptions defning the limitations of the plan relating to extent,
    duration, or impact of the incident.
  12. Decision support checklists.
  13. Details of meeting locations.
  14. Information flow and documentation processes.
  15. Procedures for standing down the team and organization once the incident has been resolved.
  16. Appendices with relevant information capture templates, for example, an action log.
  17. Plan approval and distribution information.
20
Q

The key steps when developing and managing a plan

should include the following:

A
  1. Appoint an owner or sponsor of the plan.
  2. Define the objectives and scope of the plan.
  3. Create a plan development process and budget,
    and obtain approval.
  4. Create a planning team (if appropriate).
  5. Agree the responsibilities of the response team and their relationship with other plans and response teams
    (at a strategic, tactical and operational level if
    appropriate).
  6. Establish the response team with the relevant
    authorities and competencies
  7. Defne the structure, format, components, and
    contents of the plan.
  8. Gather information to populate the plan
  9. Draft the plan
  10. Circulate the draft plan for consultation and
    review
  11. Gather feedback from the consultation and
    review stage
  12. Amend the plan as appropriate, based on
    feedback
  13. Agree and formally approve the plan.
  14. Develop, implement, and plan the exercise programme to regularly rehearse team response capabilities and validate the plan content.
  15. Agree a maintenance schedule for the plan to ensure
    it remains current and response team information remains up to date.
21
Q

Specifc team roles, each with nominated responsibilities, should include:

A
  1. The team leader who ensures that the response team is activated, briefed, and properly staffed. They can nominate team members if necessary.
  2. People and welfare.
  3. Internal communication to establish and maintain contact with personnel and other response teams.
  4. External communication to establish and maintain contact with interested parties outside the organization, which may include the media.
  5. Operations, including fnance.
  6. Technical support for example, ICT and facilities.
  7. Administrative support, including a record keeper to maintain a log of incoming information, decisions made and actions carried out throughout the incident
22
Q

During an incident, and where relevant, one or more team members should be assigned responsibility for

A
  1. Verifying the results of site evacuation.
  2. Accounting for the organization’s personnel and visitors.
  3. Communicating with personnel and others on site.
  4. Communicating with emergency services.
  5. Setting up communications systems, for example, a help line or intranet pages.
  6. Contacting next of kin.
  7. Arranging transport assistance.
23
Q

Specific responsibilities of the strategic level team that should be captured in the plan include:

A
  1. Establishing the strategic objectives of the crisis or incident response.
  2. Devising short, medium, and long-term strategies, depending on the type of crisis or incident.
  3. Managing communications with all involved interested parties, including the media.
  4. Approving external statements before they are issued and monitoring and adjusting the communications strategy, as necessary.
  5. Monitoring the overall response to the crisis or incident.
  6. Resolving implementation issues or resource conflicts during the response.
  7. Ensuring the response and recovery is in line with the long term objectives of the organization and meets the organization’s legal and regulatory requirements.
  8. Identifying and maximising opportunities or advantages arising from the crisis or incident.
  9. Approving significant expenditure.
  10. Monitoring the financial health of the organization.
  11. Identifying and declaring when the incident or crisis is over, directing the individuals and teams to stand down, and clearly communicating the end of the incident or crisis to all interested parties.
24
Q

Outcomes of developing the strategic level business

continuity plan include:

A
  1. A plan that can support top management during an incident or crisis.
  2. A plan for managing interested parties and media
    communications during an incident or crisis.
  3. Documented evidence of the organization’s preparedness which is available to interested parties.
  4. A plan that complies with legal and regulatory requirements.
25
Specific responsibilities of the response teams to be included in the tactical plans include:
1. Coordinating and monitoring response of operational teams involved in incident. 2. Monitoring support services provided to operational teams, such as ICT, human resources, facilities, and finance. 3. Allocating available resources based on quantities and time frames agreed in the Analysis stage. 4. Amending agreed priorities and response actions to take into account the current situation, business conditions or based on direction from the strategic level team. 5. Requesting or receiving progress updates and other information from operational teams. 6. Reporting to the strategic level team. 7. Mobilising specialist service providers, for example, damage management or salvage companies, data recovery, or counselling services, as required. 8. Ensuring individuals and teams stand down when directed.
26
Relevant resources in the tactical plan may include:
1. Personnel. 2. Welfare services. 3. Alternate locations. 4. Security services. 5. Technology, communications, and data. 6. Transportation and logistics. 7. Alternate suppliers of priority services. 8. Contact information to access those resources. 9. Resource requirements for the continuity of each prioritised activity
27
Other details to be included in the tactical plan might | include:
1. Organization contact information. 2. Key interested party information and contact details, including customers, clients, and service providers. 3. Secure location of legal documents, for example, contracts, service level agreements and insurance policies. 4. Details of contracted work area recovery space, and how and when it will be made available to response teams. 5. Procedures for obtaining emergency funds.
28
The outcomes of developing the tactical level business | continuity plan include:
1. Documented BC plans to support tactical teams during an incident or crisis. 2. A framework for coordination of response activities and resource allocation between the strategic and operational teams. 3. Guidelines for coordinating continuity solutions and response activities with interested parties.
29
Situations where detailed operational plans are beneficial include:
1. Where manual workaround procedures are to be used as a continuity solution for partially or fully automated procedures. 2. Where alternate ICT systems or processing equipment are to be used in place of disrupted ICT systems or unavailable equipment. 3. Where the personnel responsible for implementing the continuity solutions are likely to be unfamiliar with the procedures they have to follow, or the systems and equipment they have to use.
30
Examples of operational level plans include:
1. A department or business unit plan. 2. Specific procedures implemented in response to an incident, such as equipment salvage and document restoration. 3. An ICT department’s response to the loss and subsequent recovery of ICT applications and services
31
Development of operational plans should consider the following:
1. Appointing a representative within each business unit to develop their plan. 2. Developing a planning process and scheduled programme. Where possible, begin with the plans for the highest priority activities. 3. Using a plan template to encourage standardisation of documentation but allowing variations where appropriate. 4. Documenting communication and information interdependencies between the tactical and operational level plans, for example, where an operational team relies on a tactical team for a key decision or approval to proceed with a response procedure. 5. Ensuring business units nominate competent individuals to fulfil key roles within their plans. 6. Circulating the draft plan for consultation with members of each business unit for review and feedback. 7. Circulating the draft plan outside the business unit (if appropriate).
32
Operational level plans may include a wide variety of | detailed information regarding:
1. Human resources and people's welfare. 2. Access to, and use of facilities. 3. Departmental activities (listed in order of priority). 4. Liaison with ICT service continuity teams. 5. Mobilisation of teams and allocation of resources. 6. External support. 7. Building evacuation and shelter-in-place procedures. 8. Location and layout of evacuation points. 9. Security. 10. Accounting for personnel. 11. Health and safety. 12. Escalation procedures to advise top management about unexpected issues. 13. Initial response and activation. 14. Methods to contact team members. 15. Resolving work in progress issues. 16. Special or non-standard procedures. 17. Redeployment of personnel and visitors. 18. Personnel contact numbers. 19. Other key interested party contacts. 20. Communications with personnel following plan activation. 21. Space, seating, and resource requirements. 22. A list of ICT equipment and software required. 23. Details of off-site data with document storage and access instructions. 24. Restoration instructions that a technical person unfamiliar with the system(s) can use. 25. Salvage arrangements and contracted assistance. 26. Stand down procedures. 27. Counselling and rehabilitation resources.
33
The outcomes of developing the operational plan include:
1. Documented business continuity plans to support the continuity of prioritised activities by department following an incident. 2. Documented business continuity plans for the continuity of the organization’s infrastructure and other specialist support services

Good Practice Guidelines (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions