Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Business Continuity Planning


Published on

This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.

Published in: Business, Technology

Business Continuity Planning

  2. 2. Business Continuity Plan BCP is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.
  3. 3. GENERAL CONCEPT A common man’s view
  4. 4. Business Continuity Planning Lifecycle
  5. 5. Need for BCP/DRP
  6. 6. Objectives Goals Areas Minimize loss by Minimizing the cost associated with disruptions Identify weaknesses Business Resumption Planning Enable the Organization to survive a disaster Minimize the duration of a serious disruption to b/s operations Disaster Recovery Planning Facilitate effective co-ordination of recovery tasks Crisis Management Reduce the complexity of the recovery effort
  7. 7. Developing a BCP
  8. 8. Initiate Obtain understanding of the existing and projected systems Establish a ‘Steering Committee’ Develop a Master Schedule and milestones
  9. 9. Perform Risk Assessment
  10. 10. Choose Recovery Strategy Plan Development • Determine all available options and strategies • Business – Logistics, HR, Accounting • Technical – IT (Client – Server, Mainframes, Databases, Networks Identify Recovery Strategy • Recovery plan components and standards are defined, developed and documented • Define notification procedures • Establish Business recovery teams for each CBS
  11. 11. Test and Validate • Validate the BCP • Develop and document contingency test plans • Prepare and execute tests • Maintenance • Update disaster recovery plans and procedures
  12. 12. Working of a BCP Process
  13. 13. Differentiation of BCP and DRP Business Continuity Plan: It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity. It addresses the recovery of a company’s critical business functions after an interruption Disaster Recovery Plan: It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function
  14. 14. Types of Disaster Recovery Plans Emergency Plan Backup Plan It specifies actions to be undertaken when the disaster happen It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame Identification of situations which requires plan to be invoked It needs continuous updates as changes occur
  15. 15. Types of Disaster Recovery Plans Recovery Plan Test Plan It specifies procedures to restore full information system capabilities Final Component Formation of a recovery committee, specify responsibilities and guidelines for proper functioning Identification of deficiencies in the emergency, backup or recovery plans or tin the preparation of an organization for facing a disaster
  16. 16. Threats and Risk Management •Lack of Integrity •Lack of Confidentiality •Unauthorized Access •Hostile Software •Disgruntled Employees •Hackers and computer crimes •Terrorism and Industrial espionage
  17. 17. Types of Backup Full Backup Incremental Backup Differential Backup Mirror Backup IT captures all files on the disk or within the folder selected for backup It captures files that were created or changed since the last backup, regardless the backup type It stores files that have changed since the last full backup. It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password
  18. 18. Alternative Processing Facility Arrangements It is useful when the organization can tolerate some downtime Organization requires minimum facilities at an alternative location to run its regular operations It is inexpensive Cold site Useful when fast recovery is critical Organization requires all the facilities at an alternative location It is expensive Hot site
  19. 19. Provides intermediate level of backup Organization can tolerate some downtime Organization requires only essential facilities at an alternative location Warm Site Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster It is relatively cheap Each participant must maintain sufficient capacity to operate another’s critical system Reciprocal Agreement Alternative Processing Facility Arrangements
  20. 20. Insurance • The purpose of insurance is to spread the economic cost and risk loss from an individual or business to a large number of people. • Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange of a premium • Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis
  21. 21. Activities considered while testing BRP/DRP plan • Defining the boundaries • Scenario • Test Criteria • Assumptions • Briefing Session • Checklists • Analysing the test • Debriefing session
  22. 22. Audit of DR/BR plan • Based on the BIA • Key employees have participated in the development • Plan is simple and is realistic in assumptions • Review the existing DR/BR plan • Gather background info regarding its preparation • Does the DR/BR plan include provisions for personnel, building, utilities and transportation and IT • Does the BR/DR plan include contact details of of suppliers of essential equipment • Does the DR/BR plans include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly
  23. 23. Sources • ISCA Study Material – Volume 1 – ICAI Publication • Comprehensive Guide on Information Systems Audit – Volume II – Commissioned by IT Committee of ICAI • Guide to Implementing Enterprise Risk Management – Internal Standards Board - ICAI • Information Systems Control Audit – Prof.Jignesh Chhedda – VORA Book Agency
  24. 24. Thanks Bharath Rao B +919611319421 /bharathraob