Sunday 24 July 2011

CISSP CBK 7 BCP/DRP


BCP / DRP


The business continuity coordinator is the leader of the BCP effort.

BCP Planning
1. Project initiation
2. BIA
3. Recovery strategy
4. Plan design and development
5. Implementation
6. Testing
7. Continual maintenance


1. Project initiation
Develop the continuity planning policy statement; obtain management support and resources.
Establishing need for the BCP
Obtaining management support
Identifying strategic internal and external resources
Establishing members of team
Establishing project management work plan
Determining need for automated data collection tools
Preparing and presenting status reports
2. Business Impact Analysis
Maximum tolerable downtime
Operational disruption and productivity
Financial considerations
Regulatory responsibilities
Reputation
Preventive measures
3. Recovery strategy
Business process recovery
Facility recovery
Supply and technology recovery
User environment recovery
Data recovery

A hot site is a subscription service; a redundant site is owned by the company.

A backup site should be at least 15 miles away (recommended distance); for a critical environment, 50-200 miles.

Software escrow means that a third party holds the source code, backups of the compiled code, manuals, and other supporting materials.

Disk duplexing means there is more than one disk controller. If one disk controller fails, the other is ready and available.

Electronic vaulting makes copies of files as they are modified and periodically transmits them to an off-site backup site (not real time; it is batch processing, i.e., bulk information transfer).

Remote journaling is off-site data storage of real-time transaction logs.
Tape vaulting automatically transfers data to a tape controller at a remote site.

Block ciphers are symmetric; they do not use public-key cryptography (public and private key pairs).

Types of testing include:
Structured walk-through
Checklist
Simulation
Parallel
Full interruption

The functions of a critical system can only be replaced by identical capabilities. Other functions can be performed manually.

The Dual Data Center strategy, also called a redundant site or alternate site, would be employed for applications that cannot accept any downtime without impacting the business.

Under a property insurance Replacement Cost Valuation (RCV) clause, damaged property is compensated on a new-for-old basis, regardless of the condition of the lost item.

ACV (Actual Cost Value): the value of the item on the date of loss.

The disaster recovery plan (DRP) is usually very information technology (IT) focused.

The eight detailed and granular steps of the BIA are:
1. Select Individuals to interview for the data gathering.
2. Create data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3. Identify the company's critical business functions.
4. Identify the resources that these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and the threats to these functions.
7. Calculate risk for each of the different business functions.
8. Document findings and report them to management.

Creating a BCP committee is part of the scope and plan initiation phase.

The Recovery Time Objective (RTO) is the amount of time allowed for the recovery of a business function. If the RTO is exceeded, severe damage to the organization would result. The RTO would be defined as part of the recovery plan and not as part of the BIA.

The Recovery Point Objective (RPO) is the point in time to which data must be restored in order to resume processing (mainly business transactions).
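As an added example (not part of the original notes), the following Python script checks the consistency of the objectives above for each business function: the RTO must not exceed the MTD, and the worst-case data loss implied by the chosen backup mechanism must not exceed the RPO. It models the mechanisms described in these notes: remote journaling ships transaction logs in real time, while electronic vaulting and tape vaulting transfer data in batches. The dataclass fields, the mechanism names and all sample MTD/RTO/RPO values are assumptions constructed for illustration.

```python
"""Recovery-objective consistency check (added example, not from the notes above).

Assumptions: every business function carries an MTD, RTO and RPO in minutes
(from the BIA and recovery plan) plus the backup mechanism chosen for it.
Mechanism names and the sample values below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List

# Mechanisms treated as real time (no batch window). Anything else is batch.
REAL_TIME_MECHANISMS = {"remote_journaling"}


@dataclass
class BusinessFunction:
    name: str
    mtd_min: int                 # maximum tolerable downtime, minutes
    rto_min: int                 # recovery time objective, minutes
    rpo_min: int                 # recovery point objective: acceptable data loss, minutes
    backup: str                  # "remote_journaling", "electronic_vaulting", "tape_vaulting"
    batch_interval_min: int = 0  # for batch mechanisms: time between transfers


def worst_case_data_loss(f: BusinessFunction) -> int:
    """Minutes of work lost if a disaster strikes just before the next transfer."""
    if f.backup in REAL_TIME_MECHANISMS:
        return 0  # transaction logs are shipped as they occur
    # A batch mechanism loses at most one full interval of work.
    return f.batch_interval_min


def check_function(f: BusinessFunction) -> List[str]:
    """Return human-readable findings; an empty list means the objectives are consistent."""
    findings = []
    if f.rto_min > f.mtd_min:
        findings.append(
            f"{f.name}: RTO {f.rto_min} min exceeds MTD {f.mtd_min} min"
        )
    loss = worst_case_data_loss(f)
    if loss > f.rpo_min:
        findings.append(
            f"{f.name}: {f.backup} can lose up to {loss} min of data, RPO is {f.rpo_min} min"
        )
    return findings


def check_all(functions: List[BusinessFunction]) -> Dict[str, List[str]]:
    """Map each function name to its list of findings."""
    return {f.name: check_function(f) for f in functions}


# Constructed sample data (not from any real BIA).
SAMPLE = [
    # Zero RPO served by real-time remote journaling: consistent.
    BusinessFunction("order-processing", mtd_min=240, rto_min=120, rpo_min=0,
                     backup="remote_journaling"),
    # Electronic vaulting every 4 hours cannot meet a 60-minute RPO.
    BusinessFunction("payroll", mtd_min=2880, rto_min=1440, rpo_min=60,
                     backup="electronic_vaulting", batch_interval_min=240),
    # Daily tape vaulting meets the RPO, but the RTO is longer than the MTD.
    BusinessFunction("archive-reporting", mtd_min=10080, rto_min=20160, rpo_min=1440,
                     backup="tape_vaulting", batch_interval_min=1440),
]

if __name__ == "__main__":
    for name, findings in check_all(SAMPLE).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

Running the script reports the payroll function as an RPO violation (the batch interval is longer than the acceptable data loss) and the archive-reporting function as an RTO violation (it cannot be recovered within its MTD), while order-processing passes both checks. Extending the table with real BIA figures turns this into a quick sanity check on a recovery strategy before it is approved.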

A data backup is the first step in contingency planning.

Human Resources may not be a part of the BCP committee.

Named perils: the burden of proof that a particular loss is covered is on the insured.

The primary difference between a named peril policy and an all-risk policy is that one type covers what is "named" (included) in the policy while the other covers what is not excluded. A named peril policy is often a good choice for business owners whose business is located in an area frequently hit by natural disasters such as hurricanes, tornadoes, or floods. Such a policy spells out the specific events for which you are covered. The cost of the premiums will depend on the location of the business and the likelihood of the specific peril(s). Anything not specifically named in such a policy is not covered.
An all-risk policy covers your business from damages caused by any type of disaster with the exception of those specifically excluded in the policy. Floods and earthquakes are two events that are typically excluded, but coverage for these types of disasters can be added to the policy for an additional fee.
Use of the All Risk form shifts the burden of proof onto the insurer to prove that a particular loss was not covered by the policy.

The Occupant Emergency Plan (OEP) provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events include a fire, hurricane, criminal attack, or medical emergency.

BCP is a corrective control.
