SlideShare a Scribd company logo
1 of 24
BUSINESS CONTINUITY
PLANNING / DISASTER
RECOVERY PLANNING
Bbharathrao.wordpress.com
Bbharathrao.wordpress.com
Business Continuity Plan
BCP is the creation and
validation of a practical
logistical plan for how an
organization will recover
and restore partially or
completely within a
predetermined time after
a disaster has occurred.
Bbharathrao.wordpress.com
GENERAL CONCEPT
A common man’s view
Bbharathrao.wordpress.com
Business Continuity Planning
Lifecycle
Bbharathrao.wordpress.com
Need for BCP/DRP
Bbharathrao.wordpress.com
Objectives Goals Areas
Minimize loss by
Minimizing the cost
associated with
disruptions
Identify weaknesses Business Resumption
Planning
Enable the
Organization to
survive a disaster
Minimize the
duration of a serious
disruption to b/s
operations
Disaster Recovery
Planning
Facilitate effective
co-ordination of
recovery tasks
Crisis Management
Reduce the
complexity of the
recovery effort
Bbharathrao.wordpress.com
Developing a BCP
Bbharathrao.wordpress.com
Initiate
Obtain understanding of the existing
and projected systems
Establish a ‘Steering Committee’
Develop a Master Schedule and
milestones
Bbharathrao.wordpress.com
Perform Risk Assessment
Bbharathrao.wordpress.com
Choose Recovery Strategy
Plan Development
• Determine all available
options and strategies
• Business – Logistics, HR,
Accounting
• Technical – IT (Client –
Server, Mainframes,
Databases, Networks
Identify Recovery Strategy
• Recovery plan components
and standards are defined,
developed and
documented
• Define notification
procedures
• Establish Business recovery
teams for each CBS
Bbharathrao.wordpress.com
Test and Validate
• Validate the BCP
• Develop and document contingency test
plans
• Prepare and execute tests
• Maintenance
• Update disaster recovery plans and
procedures
Bbharathrao.wordpress.com
Working of a BCP Process
Bbharathrao.wordpress.com
Differentiation of BCP and DRP
Business Continuity Plan: It is the process of
defining arrangements and procedures that
enable an organization to continue as a
viable entity. It addresses the recovery of a
company’s critical business functions after an
interruption
Disaster Recovery Plan: It involves making
preparations for a disaster and also
addresses the procedures to be followed
during and after a loss. It is specific to the
information system function
Bbharathrao.wordpress.com
Types of Disaster Recovery Plans
Emergency Plan Backup Plan
It specifies actions to be
undertaken when the disaster
happen
It specifies the type of backup to
be kept, frequency of backup to be
undertaken, procedures, location,
personnel, priorities assigned and a
time frame
Identification of situations which
requires plan to be invoked
It needs continuous updates as
changes occur
Bbharathrao.wordpress.com
Types of Disaster Recovery Plans
Recovery Plan Test Plan
It specifies procedures to restore full
information system capabilities
Final Component
Formation of a recovery committee,
specify responsibilities and guidelines
for proper functioning
Identification of deficiencies in
the emergency, backup or
recovery plans or tin the
preparation of an organization for
facing a disaster
Bbharathrao.wordpress.com
Threats and Risk Management
•Lack of Integrity
•Lack of
Confidentiality
•Unauthorized
Access
•Hostile Software
•Disgruntled
Employees
•Hackers and
computer crimes
•Terrorism and
Industrial
espionage
Bbharathrao.wordpress.com
Types of Backup
Full Backup Incremental Backup Differential Backup Mirror Backup
IT captures
all files on
the disk or
within the
folder
selected for
backup
It captures files that
were created or
changed since the
last backup,
regardless the
backup type
It stores files that
have changed since
the last full backup.
It is identical
to a full
backup, with
the exception
that the files
are not
compressed in
zip files and
they cannot be
protected with
a password
Bbharathrao.wordpress.com
Alternative Processing Facility
Arrangements
It is useful when
the organization
can tolerate some
downtime
Organization
requires minimum
facilities at an
alternative location
to run its regular
operations
It is inexpensive
Cold
site Useful when fast
recovery is critical
Organization
requires all the
facilities at an
alternative location
It is expensive
Hot
site
Bbharathrao.wordpress.com
Provides intermediate
level of backup
Organization can
tolerate some downtime
Organization requires
only essential facilities
at an alternative location
Warm
Site
Two or more
organizations might
agree to provide backup
facilities to each other in
the event of one
suffering a disaster
It is relatively cheap
Each participant must
maintain sufficient
capacity to operate
another’s critical system
Reciprocal
Agreement
Alternative Processing Facility
Arrangements
Bbharathrao.wordpress.com
Insurance
• The purpose of insurance is to spread the
economic cost and risk loss from an individual
or business to a large number of people.
• Policies are contracts that obligate the insurer
to indemnify the policyholder from specific
risks in exchange of a premium
• Adequate insurance coverage is a key
consideration while developing a BRP/DRP and
performing a risk analysis
Bbharathrao.wordpress.com
Activities considered while
testing BRP/DRP plan
• Defining the boundaries
• Scenario
• Test Criteria
• Assumptions
• Briefing Session
• Checklists
• Analysing the test
• Debriefing session
Bbharathrao.wordpress.com
Audit of DR/BR plan
• Based on the BIA
• Key employees
have participated
in the development
• Plan is simple and
is realistic in
assumptions
• Review the existing
DR/BR plan
• Gather background
info regarding its
preparation
• Does the DR/BR
plan include
provisions for
personnel,
building, utilities
and transportation
and IT
• Does the BR/DR
plan include
contact details of
of suppliers of
essential
equipment
• Does the DR/BR
plans include
provisions for the
approval to expend
funds that were not
budgeted for the
period? Recovery
may be costly
Bbharathrao.wordpress.com
Sources
• ISCA Study Material – Volume 1 – ICAI Publication
• Comprehensive Guide on Information Systems Audit
– Volume II – Commissioned by IT Committee of ICAI
• Guide to Implementing Enterprise Risk Management
– Internal Standards Board - ICAI
• Information Systems Control Audit – Prof.Jignesh
Chhedda – VORA Book Agency
Bbharathrao.wordpress.com
Thanks
Bharath Rao B
+919611319421
b.bharath.r@gmail.com
/bharathraob
Bbharathrao.wordpress.com

More Related Content

What's hot

Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides SlideTeam
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementDiane Christina
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity PlanPlash Chowdhary
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Effective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesEffective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesSlideTeam
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintluweinet
 
Business Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesBusiness Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesSlideTeam
 

What's hot (20)

Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Risk and Business Continuity Management
Risk and Business Continuity ManagementRisk and Business Continuity Management
Risk and Business Continuity Management
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcp
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning Presentation
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
 
Bcp
BcpBcp
Bcp
 
009.itsecurity bcp v1
009.itsecurity bcp v1009.itsecurity bcp v1
009.itsecurity bcp v1
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysis
 
Effective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesEffective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation Slides
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprint
 
Business Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesBusiness Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation Slides
 

Viewers also liked

Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningJohn Wilson
 
The A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoveryThe A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoverySirius
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IThhuihhui
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery PresentationTimSchaefer
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningNEBizRecovery
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
Business Continuity Planning Seminar
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminarcmckinney
 
Toward an organizational E-readiness Model
Toward an organizational E-readiness ModelToward an organizational E-readiness Model
Toward an organizational E-readiness Modelaqel aqel
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
BCI Guidelines & Horizon Scan 2016
BCI Guidelines & Horizon Scan 2016BCI Guidelines & Horizon Scan 2016
BCI Guidelines & Horizon Scan 2016Christopher Rivera
 
Experts Exchange - Disaster Recovery & Business Continuity Planning
Experts Exchange - Disaster Recovery & Business Continuity PlanningExperts Exchange - Disaster Recovery & Business Continuity Planning
Experts Exchange - Disaster Recovery & Business Continuity PlanningExperts Exchange
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)Hafiza Abas
 

Viewers also liked (15)

Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
The A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoveryThe A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster Recovery
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IT
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery Presentation
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery Planning
 
BUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNINGBUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
 
Business Continuity Planning Seminar
Business Continuity Planning SeminarBusiness Continuity Planning Seminar
Business Continuity Planning Seminar
 
Toward an organizational E-readiness Model
Toward an organizational E-readiness ModelToward an organizational E-readiness Model
Toward an organizational E-readiness Model
 
Bcp drp
Bcp drpBcp drp
Bcp drp
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planning
 
BCI Guidelines & Horizon Scan 2016
BCI Guidelines & Horizon Scan 2016BCI Guidelines & Horizon Scan 2016
BCI Guidelines & Horizon Scan 2016
 
Experts Exchange - Disaster Recovery & Business Continuity Planning
Experts Exchange - Disaster Recovery & Business Continuity PlanningExperts Exchange - Disaster Recovery & Business Continuity Planning
Experts Exchange - Disaster Recovery & Business Continuity Planning
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
 
Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)Business Continuity Plan (Introduction)
Business Continuity Plan (Introduction)
 

Similar to Business Continuity Planning

Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recoveryKrutiShah114
 
BCM Roadmap
BCM RoadmapBCM Roadmap
BCM Roadmapbtrmuray
 
Bcm Roadmap
Bcm RoadmapBcm Roadmap
Bcm Roadmapbtrmuray
 
Is it Necessary to Document the BCMS plan?
Is it Necessary to Document the BCMS plan?Is it Necessary to Document the BCMS plan?
Is it Necessary to Document the BCMS plan?PECB
 
Incident managment plan
Incident managment planIncident managment plan
Incident managment planSafwan Hashmi
 
Smaller Presentation on Enterprise Resiliency and Corporate Certification
Smaller Presentation on Enterprise Resiliency and Corporate CertificationSmaller Presentation on Enterprise Resiliency and Corporate Certification
Smaller Presentation on Enterprise Resiliency and Corporate CertificationThomas Bronack
 
Exec Presentation on Achieving Enterprise Resiliency and Corporate Certification
Exec Presentation on Achieving Enterprise Resiliency and Corporate CertificationExec Presentation on Achieving Enterprise Resiliency and Corporate Certification
Exec Presentation on Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types LynellBull52
 
Recovery and Compliance Services provided by Tom Bronack
Recovery and Compliance Services provided by Tom BronackRecovery and Compliance Services provided by Tom Bronack
Recovery and Compliance Services provided by Tom BronackThomas Bronack
 
BCP – How to develop BCP strategies and Plans 2016.pptx
BCP – How to develop BCP strategies and Plans 2016.pptxBCP – How to develop BCP strategies and Plans 2016.pptx
BCP – How to develop BCP strategies and Plans 2016.pptxFerriFatra1
 
Optimizing the IT and Business Environment
Optimizing the IT and Business EnvironmentOptimizing the IT and Business Environment
Optimizing the IT and Business EnvironmentThomas Bronack
 
Dcag service optimization offering01
Dcag service optimization offering01Dcag service optimization offering01
Dcag service optimization offering01Thomas Bronack
 
Chapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aChapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aEstelaJeffery653
 
Week02-Planning for Organizational Readiness_reduced.pptx
Week02-Planning for Organizational Readiness_reduced.pptxWeek02-Planning for Organizational Readiness_reduced.pptx
Week02-Planning for Organizational Readiness_reduced.pptxpshah21
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Goutama Bachtiar
 
VMware Disaster Recovery Planning: Essential Checklist
VMware Disaster Recovery Planning: Essential ChecklistVMware Disaster Recovery Planning: Essential Checklist
VMware Disaster Recovery Planning: Essential ChecklistVeeam Software
 
Auditing contingency Plans
Auditing contingency PlansAuditing contingency Plans
Auditing contingency PlansThomas Bronack
 
Disaster Recovery, Business Continuity, Backups, and High Av.docx
Disaster Recovery, Business Continuity, Backups, and High Av.docxDisaster Recovery, Business Continuity, Backups, and High Av.docx
Disaster Recovery, Business Continuity, Backups, and High Av.docxcuddietheresa
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxfelicidaddinwoodie
 

Similar to Business Continuity Planning (20)

Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recovery
 
BCM Roadmap
BCM RoadmapBCM Roadmap
BCM Roadmap
 
Bcm Roadmap
Bcm RoadmapBcm Roadmap
Bcm Roadmap
 
Is it Necessary to Document the BCMS plan?
Is it Necessary to Document the BCMS plan?Is it Necessary to Document the BCMS plan?
Is it Necessary to Document the BCMS plan?
 
Incident managment plan
Incident managment planIncident managment plan
Incident managment plan
 
Smaller Presentation on Enterprise Resiliency and Corporate Certification
Smaller Presentation on Enterprise Resiliency and Corporate CertificationSmaller Presentation on Enterprise Resiliency and Corporate Certification
Smaller Presentation on Enterprise Resiliency and Corporate Certification
 
Exec Presentation on Achieving Enterprise Resiliency and Corporate Certification
Exec Presentation on Achieving Enterprise Resiliency and Corporate CertificationExec Presentation on Achieving Enterprise Resiliency and Corporate Certification
Exec Presentation on Achieving Enterprise Resiliency and Corporate Certification
 
COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types
 
Recovery and Compliance Services provided by Tom Bronack
Recovery and Compliance Services provided by Tom BronackRecovery and Compliance Services provided by Tom Bronack
Recovery and Compliance Services provided by Tom Bronack
 
Risk crisis nad management
Risk crisis nad managementRisk crisis nad management
Risk crisis nad management
 
BCP – How to develop BCP strategies and Plans 2016.pptx
BCP – How to develop BCP strategies and Plans 2016.pptxBCP – How to develop BCP strategies and Plans 2016.pptx
BCP – How to develop BCP strategies and Plans 2016.pptx
 
Optimizing the IT and Business Environment
Optimizing the IT and Business EnvironmentOptimizing the IT and Business Environment
Optimizing the IT and Business Environment
 
Dcag service optimization offering01
Dcag service optimization offering01Dcag service optimization offering01
Dcag service optimization offering01
 
Chapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aChapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, a
 
Week02-Planning for Organizational Readiness_reduced.pptx
Week02-Planning for Organizational Readiness_reduced.pptxWeek02-Planning for Organizational Readiness_reduced.pptx
Week02-Planning for Organizational Readiness_reduced.pptx
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)
 
VMware Disaster Recovery Planning: Essential Checklist
VMware Disaster Recovery Planning: Essential ChecklistVMware Disaster Recovery Planning: Essential Checklist
VMware Disaster Recovery Planning: Essential Checklist
 
Auditing contingency Plans
Auditing contingency PlansAuditing contingency Plans
Auditing contingency Plans
 
Disaster Recovery, Business Continuity, Backups, and High Av.docx
Disaster Recovery, Business Continuity, Backups, and High Av.docxDisaster Recovery, Business Continuity, Backups, and High Av.docx
Disaster Recovery, Business Continuity, Backups, and High Av.docx
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
 

More from Bharath Rao

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryBharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceBharath Rao
 
Going global while being local
Going global while being localGoing global while being local
Going global while being localBharath Rao
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsBharath Rao
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBharath Rao
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit ShiftingBharath Rao
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going GlobalBharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Bharath Rao
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBharath Rao
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionBharath Rao
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingBharath Rao
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thingBharath Rao
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsBharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextBharath Rao
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 

More from Bharath Rao (19)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Physical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal ControlsPhysical and logical access controls - A pre-requsite for Internal Controls
Physical and logical access controls - A pre-requsite for Internal Controls
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 

Recently uploaded

Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312LR1709MUSIC
 
Global Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdfGlobal Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdfAmer Morgan
 
Raising Seed Capital by Steve Schlafman at RRE Ventures
Raising Seed Capital by Steve Schlafman at RRE VenturesRaising Seed Capital by Steve Schlafman at RRE Ventures
Raising Seed Capital by Steve Schlafman at RRE VenturesAlejandro Cremades
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfmstarkes24
 
stock price prediction using machine learning
stock price prediction using machine learningstock price prediction using machine learning
stock price prediction using machine learninggauravwankar27
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsCaitlinCummins3
 
hyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementshyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementsirhcs
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledCaitlinCummins3
 
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARPEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARdoktercalysta
 
Beyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic AccountingBeyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic AccountingYourLegal Accounting
 
Hyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings releaseHyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings releaseirhcs
 
Navigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsNavigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsYourLegal Accounting
 
Stages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerStages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerAlejandro Cremades
 
MEANING AND CHARACTERISTICS OF TAXATION.
MEANING AND CHARACTERISTICS OF TAXATION.MEANING AND CHARACTERISTICS OF TAXATION.
MEANING AND CHARACTERISTICS OF TAXATION.abejeblooda
 
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In HarareTop^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Hararedoctorjoe1984
 
Should Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their BookkeepingShould Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their BookkeepingYourLegal Accounting
 
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfProgress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfHolger Mueller
 
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...YourLegal Accounting
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© رnafizanafzal
 
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.daisycvs
 

Recently uploaded (20)

Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
 
Global Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdfGlobal Internal Audit Standards 2024.pdf
Global Internal Audit Standards 2024.pdf
 
Raising Seed Capital by Steve Schlafman at RRE Ventures
Raising Seed Capital by Steve Schlafman at RRE VenturesRaising Seed Capital by Steve Schlafman at RRE Ventures
Raising Seed Capital by Steve Schlafman at RRE Ventures
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
stock price prediction using machine learning
stock price prediction using machine learningstock price prediction using machine learning
stock price prediction using machine learning
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
 
hyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementshyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statements
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelled
 
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARPEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
 
Beyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic AccountingBeyond Numbers A Holistic Approach to Forensic Accounting
Beyond Numbers A Holistic Approach to Forensic Accounting
 
Hyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings releaseHyundai capital 2024 1q Earnings release
Hyundai capital 2024 1q Earnings release
 
Navigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsNavigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA Firms
 
Stages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerStages of Startup Funding - An Explainer
Stages of Startup Funding - An Explainer
 
MEANING AND CHARACTERISTICS OF TAXATION.
MEANING AND CHARACTERISTICS OF TAXATION.MEANING AND CHARACTERISTICS OF TAXATION.
MEANING AND CHARACTERISTICS OF TAXATION.
 
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In HarareTop^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
 
Should Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their BookkeepingShould Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their Bookkeeping
 
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfProgress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
 
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
 
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
Abortion pills in Muscut<Oman(+27737758557) Cytotec available.inn Kuwait City.
 

Business Continuity Planning

  • 1. BUSINESS CONTINUITY PLANNING / DISASTER RECOVERY PLANNING Bbharathrao.wordpress.com
  • 2. Bbharathrao.wordpress.com Business Continuity Plan BCP is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.
  • 6. Bbharathrao.wordpress.com Objectives Goals Areas Minimize loss by Minimizing the cost associated with disruptions Identify weaknesses Business Resumption Planning Enable the Organization to survive a disaster Minimize the duration of a serious disruption to b/s operations Disaster Recovery Planning Facilitate effective co-ordination of recovery tasks Crisis Management Reduce the complexity of the recovery effort
  • 8. Bbharathrao.wordpress.com Initiate Obtain understanding of the existing and projected systems Establish a ‘Steering Committee’ Develop a Master Schedule and milestones
  • 10. Bbharathrao.wordpress.com Choose Recovery Strategy Plan Development • Determine all available options and strategies • Business – Logistics, HR, Accounting • Technical – IT (Client – Server, Mainframes, Databases, Networks Identify Recovery Strategy • Recovery plan components and standards are defined, developed and documented • Define notification procedures • Establish Business recovery teams for each CBS
  • 11. Bbharathrao.wordpress.com Test and Validate • Validate the BCP • Develop and document contingency test plans • Prepare and execute tests • Maintenance • Update disaster recovery plans and procedures
  • 13. Bbharathrao.wordpress.com Differentiation of BCP and DRP Business Continuity Plan: It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity. It addresses the recovery of a company’s critical business functions after an interruption Disaster Recovery Plan: It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function
  • 14. Bbharathrao.wordpress.com Types of Disaster Recovery Plans Emergency Plan Backup Plan It specifies actions to be undertaken when the disaster happen It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame Identification of situations which requires plan to be invoked It needs continuous updates as changes occur
  • 15. Bbharathrao.wordpress.com Types of Disaster Recovery Plans Recovery Plan Test Plan It specifies procedures to restore full information system capabilities Final Component Formation of a recovery committee, specify responsibilities and guidelines for proper functioning Identification of deficiencies in the emergency, backup or recovery plans or tin the preparation of an organization for facing a disaster
  • 16. Bbharathrao.wordpress.com Threats and Risk Management •Lack of Integrity •Lack of Confidentiality •Unauthorized Access •Hostile Software •Disgruntled Employees •Hackers and computer crimes •Terrorism and Industrial espionage
  • 17. Bbharathrao.wordpress.com Types of Backup Full Backup Incremental Backup Differential Backup Mirror Backup IT captures all files on the disk or within the folder selected for backup It captures files that were created or changed since the last backup, regardless the backup type It stores files that have changed since the last full backup. It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password
  • 18. Bbharathrao.wordpress.com Alternative Processing Facility Arrangements It is useful when the organization can tolerate some downtime Organization requires minimum facilities at an alternative location to run its regular operations It is inexpensive Cold site Useful when fast recovery is critical Organization requires all the facilities at an alternative location It is expensive Hot site
  • 19. Bbharathrao.wordpress.com Provides intermediate level of backup Organization can tolerate some downtime Organization requires only essential facilities at an alternative location Warm Site Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster It is relatively cheap Each participant must maintain sufficient capacity to operate another’s critical system Reciprocal Agreement Alternative Processing Facility Arrangements
  • 20. Bbharathrao.wordpress.com Insurance • The purpose of insurance is to spread the economic cost and risk loss from an individual or business to a large number of people. • Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange of a premium • Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis
  • 21. Bbharathrao.wordpress.com Activities considered while testing BRP/DRP plan • Defining the boundaries • Scenario • Test Criteria • Assumptions • Briefing Session • Checklists • Analysing the test • Debriefing session
  • 22. Bbharathrao.wordpress.com Audit of DR/BR plan • Based on the BIA • Key employees have participated in the development • Plan is simple and is realistic in assumptions • Review the existing DR/BR plan • Gather background info regarding its preparation • Does the DR/BR plan include provisions for personnel, building, utilities and transportation and IT • Does the BR/DR plan include contact details of of suppliers of essential equipment • Does the DR/BR plans include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly
  • 23. Bbharathrao.wordpress.com Sources • ISCA Study Material – Volume 1 – ICAI Publication • Comprehensive Guide on Information Systems Audit – Volume II – Commissioned by IT Committee of ICAI • Guide to Implementing Enterprise Risk Management – Internal Standards Board - ICAI • Information Systems Control Audit – Prof.Jignesh Chhedda – VORA Book Agency

Editor's Notes

  1. What would have happened if Facebook is hacked? Imagine you are the creator of facebook – mark zukerbergExtent of disaster and time taken to continue the businessControls of last resort
  2. Planning is an activity performed before the disaster occurs Disaster is an Resulting outrage from disaster can have serious effects on the viability of firm’s operations, profitability, quality of service and convenienceDue to inadequate planningUnderstanding risks to operations and the measures that can minimize the risks and formulate DRP/BCPTake examples of fb disaster. Also quote twitter disaster too
  3. The whole presentation in a nutshellBasically the steps involved in formulating a BCPInitiate Perform Risk Assessment  Choose Recovery Strategy  Test and Validate
  4. Objectives:Primary Objective – Minimize loss……. – Minimize costs  Planning(assessing risks), Minimizing Losses that ariseEnable organization to survive a disaster – Assure that critical operations can resume normal processing within a reasonable time frame.
  5. Understand the core and critical business processes and forecasted processesSteering Committee has a overall responsibility for providing direction and guidance to the bcp teamNext is Risk assessment
  6. Similar to SA:315 and SA:330 but those relates to Financial statements of a entityRisks refer to those uncertanities of outcome, whether an opportunity or threat, arising out of actions and events or they are those uncertanities which impede the achievement of the objectiveA thorough assessment of the system’s security and communication environment should be completed including personnel practices; physical security; operating procedures; backup and contingency planning; systems development and maintenance; database security etcBIA helps to understand the degree of potential loss which could occur. This would also include issues as reputation damage, regulatory effects etc
  7. Plan Development tasks would include identification of:Organizational risks, CBS, risks w.r.t terms of outrage and financial impactIdentify maximum allowable downtime, type and quantity of resources required for recoveryCan be done through: questionnaires, workshops, interviews, examination of documentsHave a detailed definition of requirements – develop a profile of recovery requirements – software, hardware, documents(user, procedures), outside support (public network), personnel
  8. Goals are setAlternative testing strategies are evaluatedThere is no assurance that in the event when plan is activated, the organization would surviveEnsure that the recovery procedures are complete and workableCompetence of personnel and various resources function properly during recoverySuccess or failure of the business continuity training program is monitoredMaintenance of the plans is critical to the success of actual recoveryMust adapt to changes to the environmentRevisions should be made accordingly
  9. Start from Business Risk Impact Assessment
  10. Objective is to minimize threats Hence essential to evaluate potential threats to the systemIntergrity:
  11. Policies usually can be obtained to cover the following resourcesStorage mediaAccounts receivableFacilitiesEquipmentMalpractice, errorsValuable paper and recordsMedia transportationBusiness interruption
  12. Test boundaries are requied to satisfy the disaster recovery strategies. Management team must consider future test criteria to meet the end objectives. Opportunities to test actual recovery provcedures should be done wherever possibleSecnario: eg the scenario must outline what caused the disaster and the level of damage and whether or not anything can be salvaged purpose is to explain to all the participants the cause of the disaster and the planned recovery pointsTest criteria: Role of the observer is to give an unbiased view and to comment on the area of success or concern to assist in future testingAssumptions: eg all purchases (equipment, furniture etc) can be made in the recovery time requiredBriefing session: no matter is necessary. Boundaries are explained and opportunities to discuss any technical uncertanities are providedAnalysing the test: constructive analysis of each test and its result will lead to an effective recovery plan