Example business continuity plan

Provided as is, without warranty, for businesses to consider as a very early starting point in the preparation of a business continuity plan. This work is based upon material delivered to University business students.

Published in: Business, Technology
1 Comment
  • More Business Continuity information can be found at Business Continuity HQ (www.businesscontinuityhq.com) for those starting out or new to Business Continuity Planning.

Transcript

  • 1. Example Business Continuity Plan
    Based upon DS4.2 from COBIT (Control Objectives for Information Technology)
    Prepared by: Micheal Axelsen FCPA [1], Director, Applied Insight Pty Ltd

    Provided as is, without warranty, for businesses to consider as a very early starting point in the preparation of a business continuity plan. This work is based upon material delivered to University business students.

    Question One: Research Issue – Personal Data Protection
    Assume a fire has destroyed your bedroom. Identify the items in your room that would be irreplaceable if this scenario eventuated. Draw up a business continuity plan for your bedroom and yourself.
    Identify what you would need to do to ensure that irreplaceable items are better protected in the future. Identify the steps you would need to take immediately after the fire to recover from this disaster.

    Worked Solution
    Note that in COBIT 4.1, regarding the IT aspects we would need to identify an IT continuity plan. Firstly, we need to understand our business requirements – what our key business functions and processes are (DS4.2).
    So, the business continuity plan draws upon our risk management framework (for argument’s sake, AS/NZS 4360:2004):
      • Identify key business functions and processes.

    [1] Micheal may be contacted on 0412 526 375 or micheal.axelsen@appliedinsight.com.au.
  • 2.
      • Identify ‘major’ disruption by reference to risk appetite. Consider what the definitions of economic loss might be that are insignificant, minor, moderate, major, or catastrophic (e.g. catastrophic might be $1,000,000 whilst insignificant might be $500).
      • Identify potential business impacts.
      • What actions can be taken to address requirements for:
          • Resilience (reduce likelihood or consequence of the risk)
          • Alternative processing (work-arounds in the event access is denied)
          • Recovery capability of critical IT services (recovery of critical IT services)
      • Identify usage guidelines, roles and responsibilities, procedures, communication processes, and the testing approach.
  • 3. A rough approach might look like this:

    Business Continuity Plan
    Risk Appetite: The business has determined that it can withstand a $3,000 level of disruption.
    Assumptions: Catastrophic events (e.g. fire, flood) would result in similar business impacts. Actions to reduce impact will work equally as well for low-impact events (e.g. localised flooding, loss of internet connection).
    Note: Some things are deliberately missing – who can spot something?

    Key business functions

    Client Acquisition
      • Marketing website material (two websites, www.michealaxelsen.com and www.appliedinsight.com.au) and supporting collateral
          Business impact if unavailable: Clients unable to discover business and identify services. Large business impact. If content lost, would take months to re-create, if at all possible.
          Resilience Actions: Host with reliable ISP with strong financial background (Yahoo). Host on a common ISP platform.
          Procedures & Responsibilities: Take XML download of posts/content monthly. Add to backup processes. MSA
      • Current marketing plan
          Business impact if unavailable: Marketing stages with clients lost. Moderate business impact.
          Resilience Actions: Incorporate into Exchange Server with email – reduce points of failure. Reputable provider with SLA (WebCentral). Enables sync across devices and internet access.
          Procedures & Responsibilities: None identified. MSA

    Service Delivery
      • Methodologies and client outputs
          Business impact if unavailable: Affects ability to convince clients of capability. Affects efficiency and effectiveness as these are all key to service delivery.
          Resilience Actions: Store in a single place and protect that well (i.e. hard drive) and incorporate into backup processes.
          Procedures & Responsibilities: Backup process (MSA):
            1. Use SyncBack for each laptop daily – files are stored in three places (PMD, Dell, HP).
            2. Daily backup from Dell to external USB using MS Backup & Sync (monthly resets to keep disk space low).
            3. Monthly backup of entire system to a third 500 GB pocket media drive kept at separate office 5 km away.
  • 4.
      • Precedents and models
          Business impact if unavailable: Affects ability to convince clients of capability. Affects efficiency and effectiveness as these are all key to service delivery.
          Resilience Actions: Store in a single place and protect that well (i.e. hard drive) and incorporate into backup processes.
          Procedures & Responsibilities: See backup process. MSA
      • Templates
          Business impact if unavailable: Affects ability to convince clients of capability. Affects efficiency and effectiveness as these are all key to service delivery.
          Resilience Actions: Store in a single place and protect that well (i.e. hard drive) and incorporate into backup processes.
          Procedures & Responsibilities: See backup process. MSA
      • Research Notes
          Business impact if unavailable: Affects ability to convince clients of capability. Affects efficiency and effectiveness as these are all key to service delivery.
          Resilience Actions: Store in a single place and protect that well (i.e. hard drive) and incorporate into backup processes. Store research notes in Evernote software (paid subscription) – enables sync across devices and mobile access. Maintained in three places (Dell, online, and HP Mini-Note).
          Procedures & Responsibilities: None required – rely upon Evernote SLA. MSA
  • 5.
    Administrative Support
      • MYOB Accounting System
          Business impact if unavailable: Unable to invoice and meet external compliance requirements.
          Resilience Actions: Store in a single place and protect that well (i.e. hard drive) and incorporate into backup processes.
          Procedures & Responsibilities: See backup process. MSA
      • Access to email
          Business impact if unavailable: Unable to communicate with clients.
          Resilience Actions: Incorporate into Exchange Server with email – reduce points of failure. Reputable provider with SLA (WebCentral).
          Procedures & Responsibilities: None. MSA
      • Task list
          Business impact if unavailable: Current workload would be lost.
          Resilience Actions: Incorporate into Exchange Server with email – reduce points of failure. Reputable provider with SLA (WebCentral). Enables sync across devices and internet access with only an internet connection.
          Procedures & Responsibilities: None. MSA
      • Mobile telephone
          Business impact if unavailable: Major contact point with clients lost; $1,200 phone to replace if purchased.
          Resilience Actions: Insurance policy.
          Procedures & Responsibilities: None. MSA
      • VOIP phone
          Business impact if unavailable: Major contact point with clients lost; $100 phone to replace if needs to be repurchased.
          Resilience Actions: None – wear this as an expense.
          Procedures & Responsibilities: Identify provider (Engin telephone). Divert VOIP phone to mobile in emergency using password details noted in Evernote. MSA
      • Accounting records (Paper)
          Business impact if unavailable: Unable to invoice and meet external compliance requirements.
          Resilience Actions: Monthly scan to electronic format.
          Procedures & Responsibilities: See backup process. MSA
      • Bookmarks
          Business impact if unavailable: Lose record of access to many required online services (e.g. online banking, blog,
          Resilience Actions: Place bookmarks online in webspace (start.michealaxelsen.com) using Google start page.
          Procedures & Responsibilities: None. MSA
  • 6.
      • Critical passwords
          Business impact if unavailable: Unable to access many websites crucial to operating business.
          Resilience Actions: Store passwords in Evernote (encrypted using common super-duper secret password). Will be able to regain access with PC and internet connection.
          Procedures & Responsibilities: None. MSA
      • Suncorp Token Key
          Business impact if unavailable: Without this, I lose access to online banking full stop.
          Resilience Actions: In event of catastrophe, Suncorp provides a temporary security code until a new key is issued.
          Procedures & Responsibilities: None. MSA

    IT Infrastructure
      • Dell Laptop (15”) (approximately $3K)
          Business impact if unavailable: Unable to provide services.
          Resilience Actions: Insurance policy; backup processes.
          Procedures & Responsibilities: In event of loss, identify with insurance provider and order replacement. Preferred Vendor: Dell. MSA
      • HP Laptop Mini-Note 2133 (approximately $1K)
          Business impact if unavailable: Unable to provide services.
          Resilience Actions: Insurance policy; backup processes.
          Procedures & Responsibilities: In event of loss, identify with insurance provider and order replacement. Preferred Vendor: HT. MSA
      • HP Scanjet bubblejet printer
          Business impact if unavailable: Unable to provide services.
          Resilience Actions: Insurance policy; backup processes. Order three year on-site warranty.
          Procedures & Responsibilities: In event of loss, identify with insurance provider and order replacement. Preferred Vendor: HT. MSA
      • Pocketmedia Drive
          Business impact if unavailable: Unable to provide services.
          Resilience Actions: Insurance policy; backup processes.
          Procedures & Responsibilities: In event of loss, identify with insurance provider and order replacement. Preferred Vendor: HT. MSA
      • External USB HDD (WD)
          Business impact if unavailable: Unable to provide services.
          Resilience Actions: Insurance policy; backup processes.
          Procedures & Responsibilities: In event of loss, identify with insurance provider and order replacement. Preferred Vendor: HT. MSA
  • 7.
      • Broadband connection
          Business impact if unavailable: Unable to perform online banking, pay bills, and deliver services.
          Resilience Actions: Identify a secondary alternative provider.
          Procedures & Responsibilities: Use alternative provider (suggested: $10 per GB wireless connection at UQ, available quickly from office). Or just wifi surf someone else’s open wireless connection. MSA
      • CD Media (to reinstall software)
          Business impact if unavailable: If lost, would require re-purchase of $5,000 worth of Microsoft goodies without proof-of-purchase.
          Resilience Actions: Backup CD media and store in a separate location (office) together with software keys.
          Procedures & Responsibilities: Restore from separate DVDs. MSA
