BCS 307 - BUSINESS CONTINUITY
PLANNING
JOHN AMBELE MWAIPOPO
INFORMATION SCIENCE DEPARTMENT
JORDAN UNIVERSITY COLLEGE
Training, Testing, and Auditing
Layout of this Lecture
Training for emergency response, disaster
recovery, and business continuity
Testing your business continuity and
disaster recovery plan
Performing IT systems audits
Introduction
Training includes training staff on their roles and responsibilities related
to the BC/DR plan as well as training them in the specific skills they’ll
need to carry out their roles effectively.
Testing is the process of exercising the plan to see whether it works, and there are
various methods for doing so.
Auditing covers the IT systems that form the foundation of most BC/DR plans and
checks that they still match what the plan assumes.
There’s an interrelationship between testing, training, and auditing.
Training, testing, auditing, and plan maintenance are all bound together.
Business continuity and disaster recovery project progress.
Testing the plan trains staff and maintains the plan.
Training staff tests and maintains the plan.
As you train staff and test your plan, you will find areas that require
modification.
These modifications are made through the change management process
defined as part of the plan maintenance phase.
The information you glean from training and testing can be extremely
useful in honing your plan in advance of a disruptive event.
Testing and training go hand in hand.
Training, testing, and auditing activities.
Training For Disaster Recovery And Business Continuity
 Two distinct parts of disaster recovery and business continuity training.
 First is the actual physical response to the disruption or emergency.
 It involves evacuating a building if there’s a fire, grabbing a fire extinguisher to douse
a fire in the server room, or finding the water main if there’s flooding inside the
building.
 These actions all require some basic training, so responders know what to do and
how to do it safely.
 The second aspect of training has to do with ensuring that the various response
teams know how to implement the BC/DR plan and that they have the skills needed
to do so.
 For example, provide periodic training for IT staff so they can stay up to date on the
latest threats and security measures or training for alternate BC/DR staff on
performing a system restore and verification routine.
Emergency response
 BC/DR team should have an emergency response team (ERT) identified and these
team members should be trained in appropriate emergency response activities.
 Each company should identify the likely emergency responses needed and provide
training in these activities.
 If your firm is located in an area prone to flooding, earthquakes, hurricanes, or
tornados, you should provide training in emergency response related to these
events.
 Basic first aid and CPR (Cardiopulmonary resuscitation) training should be part of all
emergency responders’ training, and some companies find it useful to provide this
training to all employees.
 Specialized skills for the ERT might include firefighting techniques or building
evacuation procedures.
Specialized skills require training in order to protect the safety of the responders
and to enable the responders to be effective.
Your local fire or police department may provide this type of training or may be
able to recommend firms that provide this type of training.
BC/DR plan should include the designation of an ERT as well as a list of required
training/skills, certification requirements (if any), as well as periodic refresher
courses.
The ERT leader should be responsible for managing this.
He or she should ensure team members have the training and/or certifications
required and should arrange for the periodic testing and refreshing of these skills.
Disaster recovery and business continuity training overview
Disaster recovery is a crucial step that can mean the difference
between the company’s eventual recovery and failure.
Training can help improve the chances for eventual success.
Disaster recovery and business continuity training includes
defining the scope and objectives for the training, performing a
needs assessment (gap analysis), developing training,
scheduling and delivering training, and monitoring/measuring
training.
You may choose to perform training while testing your plan.
Training scope, objectives, timelines, and requirements
 Develop a training project plan that ties in with the BC/DR project plan.
The training plan should include a statement of scope (what is and is not
included) as well as a list of high-level objectives.
These objectives should include objectives for each of the implementer
groups (emergency responders, crisis management team (CMT), damage
assessment team, disaster recovery team, etc.).
Timelines for training various teams should be developed.
Keep in mind that some people may be members of more than one team, so
training schedules and training subjects should take that into consideration.
Then, develop requirements for training that meet those objectives.
Computer incident response team (CIRT).
 Develop scope, an objective statement, a timeline, and a set of requirements for
your training.
 Testing your project plan will also surface areas that should be addressed by
training.
 Revise these plans once or twice as you go through the training and testing phases.
Performing training needs assessment
 Needs assessment phase is essentially a gap analysis.
 Review current skill sets against required expertise to carry out various functions and determine
what sort of training would best fill the gap.
 Training needs become evident during the testing of the plan.
 As you test your plan, you’ll see areas where specialized or updated skills and knowledge will be
required to successfully execute the plan.
 Make note of these potential skill gaps during your plan testing and circle back to include these in
your training plans.
 A training needs assessment should be repeated on the same periodic basis as your plan testing,
or on some other fixed schedule, because the people available change over time.
 People leave the company, are promoted, or change jobs.
 You need to ensure that at any given moment, your organization has the skills it needs to
implement your BC/DR plan successfully.
Developing training
 Companies have limited time or funds available for training, much less for BC/DR
training.
 Companies that train their employees benefit not only from improved productivity but
greater loyalty as well.
 Targeted training to maintain or improve skills, especially those related to mission-
critical business functions, can be accomplished relatively quickly and often at a
reasonable cost.
 As with other risk factors in BC/DR planning, the risk of having untrained personnel
can easily be mitigated through training, and it may also help drive productivity
within the organization.
 When developing training, create clear, specific, measurable outcomes.
 A measurable outcome means that it either was or was not accomplished.
Either Veronica can restore the database from backups using the written
procedures or she can’t.
Either Baraka can safely shut power off to the manufacturing floor or he can’t.
Keep in mind that not all training for your BC/DR plan will be extensive
training.
Some may be as simple as showing Sylivester where the power shut off is and
how to perform a power shutdown for the manufacturing floor.
Other training, such as how to restore various IT systems that are closely
integrated or interconnected, may require training in several knowledge areas
as well as hands-on experience.
Training should provide some sort of materials (printed, soft copy, Web
based, etc.) that capture and reinforce the skills and knowledge
presented.
The training should also be designed to use several elements such as
written, classroom lecture, hands-on (lab), and field (exercises).
Use a final quiz or exam to ensure students have grasped the key
concepts and can apply them appropriately.
The final test or exam should reflect the training outcomes identified.
Scheduling and delivering training
 Scheduling and delivering training is a secondary challenge after getting the training
budget approved.
 Find various training programs online that people can attend on their own schedule.
 If you use a flexible online learning system (either your own or an external one), be sure
to set timelines and test for knowledge along the way.
 Some online courses are better than others, and some test knowledge better than others.
 Verify the quality of the training in advance and find ways to verify that students learned
the required materials.
 Develop training that moves quickly and is interesting, engaging, and relevant to the
students; it is then much more likely you'll be able to get students to attend your
training sessions.
 Get the training scheduled and delivered in a reasonable timeframe.
Monitoring and measuring training
First step in monitoring and measuring training is the development of
clear objectives and outcomes for the training.
If you don’t know what should be accomplished in training, you won’t be
able to determine if the training was effective.
Exams and hands-on demonstrations of skills can be extremely effective
in testing and verifying knowledge.
For physical skills such as using a fire extinguisher or performing CPR, a
combination of a knowledge test and a demonstration of the skill works best.
The same applies to logical skills such as restoring a server or verifying user
permissions.
Verify that the training occurred and that several basic concepts were
retained by students.
Monitoring involves ensuring key personnel have actually attended
required training and have not somehow accidentally fallen through the
cracks.
If staff members leave or move into different positions, replacements
need to be trained, so you need to develop some method of periodically
checking your key BC/DR staff positions and ensure individuals are still in
place and ready to perform their assigned BC/DR duties.
These vary widely from one company to the next.
Training and Testing For Your Business Continuity And
Disaster Recovery Plan
 Four basic ways to train staff regarding the BC/DR plan, and these also test the plan.
 These are paper walk-throughs (or tabletop exercises), functional exercises, field
exercises, and full interruptions.
 Team leaders, need to know how and when to activate the plan as well as how to
notify, assemble, and manage their teams.
 They need to know how to:
• Use the plan effectively.
• Understand their individual and team roles and responsibilities.
• Notify, assemble, and manage their team members.
• Operate as a cross-functional team member.
• Communicate across organizational boundaries in a stressful situation, often without
the aid of common communication tools such as phones, e-mail, or other devices.
Most basic part of the training is understanding the plan and how to utilize it.
The role of training is both to familiarize people with the plan elements and
processes and to reinforce the basic knowledge of the plan.
The plan document should be accessible immediately upon notification of a
disruptive event so that someone can start managing the plan right away.
Having a team well versed in the initial steps of the plan will provide an
effective early response.
Everyone involved with the BC/DR implementation needs to understand
their specific roles and responsibilities once a plan is activated.
Training should address both the BC/DR process itself as well as the specific
skills needed by team members to be effective in their designated roles.
 For example, a database administrator may be part of the IT damage assessment
team.
 He/She may be an outstanding DBA but may not have the specific skills to know how
to approach the IT damage assessment process.
 He/She should be trained in the process of performing the IT damage assessment as
well as in the overall BC/DR process.
 That way, he/she will understand how and when the IT damage assessment is
performed, how it impacts other BC/DR activities, and how to perform the duties of
that role.
 Team leaders head up their individual teams (be sure to assign alternates or backups
for key roles) and they must also be able to work effectively as part of the ERT
(Emergency response team) or CMT (Crisis management team).
 That means there has to be a leader assigned or selected for the CMT.
Training should address the communication needs across the
organization.
There are numerous communication needs throughout the life-cycle of
a disaster and the team should understand this.
Training should address the various communication groups (groups to
whom the CMT should communicate), the appropriate frequency and
content of the communication, and the appropriate distribution
mechanism.
Four commonly used methods of training: paper walk-throughs,
functional exercises, field exercises, and full interruptions
Relative disruption and accuracy of BC/DR plan test methods.
Paper walk-through
If you can manage to schedule a paper walk-through of your BC/DR
plan once a year, you've scored a major victory.
You want to know if your BC/DR plan will work if needed, and the only
way to determine that is to test it out.
A paper walk-through will take time to step through but it’s time well
spent.
There are eight discrete steps you can take to run an effective paper
walk-through.
These steps also apply to the other types of training (functional, field,
etc.).
Steps taken to run an effective paper walk-through.
1. Develop realistic scenarios
The first step is to develop realistic scenarios based on those risks determined by
your assessment to be the highest risk, highest likelihood, and highest impact for
your walk-through.
Focus on the things most likely to occur.
Start with a fire in the building, since statistically speaking, that’s the disaster
most likely to strike businesses.
Create scenarios that involve your highest risk/impacts.
Remember, you will likely need to perform several walk-throughs based on
various threats.
2. Develop evaluation criteria
The key to any successful test of your plan, whether it’s a paper walk-
through or a full interruption, is to have criteria by which you’ll evaluate the
success of that training.
For your paper walk-through, you might develop criteria that include:
• How well participants were able to follow and utilize the plan.
• How well participants were able to communicate across team lines.
• How well the checklists or defined steps worked to achieve the stated
objectives.
• How confident participants felt with their implementation of the plan.
• How confident participants feel about implementing the plan in the future.
3. Provide copies of the plan
 Members of the CMT should be given the latest copies of the plan in advance of the walk-
through and should be required to read through it beforehand.
 Individual team members that might be participating, such as the ERT, should be
provided their section of the plan.
 Create a flowchart of your plan's processes to help individual team members
visually see and understand how things should proceed.
Sample flowchart of BC/DR plan (partial).
4. Divide participants by team
 Members of each team should sit together in a walk-through.
 This makes it easier to follow the flow of the walk-through and lets team members
confer or make notes among themselves.
 It also reduces cross-talk and interruptions.
 Team members should attend the training and work alongside their counterparts.
 Vendors designated as team members, should also be included in the training.
5. Use checklists
 Provide copies of these checklists and ensure the team uses these checklists.
 If they find steps that are out of order, missing, or redundant, they can correct the
checklists quickly.
 Checklists help maintain direction and forward progress during the walk-through.
6. Take notes
 Someone should be tasked with keeping notes about the overall flow, level of readiness,
gaps in the plan, ambiguities, procedural errors, etc.
 If you run the walk-through with various teams, each team should be responsible for
keeping notes on their process and their section of the plan as well.
7. Identify training needs
 Keep an eye open for additional training needs as you train staff in the use and
implementation of the plan.
 Ask training participants to make a note of any skills they believe they need in order to
effectively carry out the BC/DR plan.
 Identify skills gaps and develop a list of training needs from these run-throughs.
 Prioritize and sort through the training requests to determine what is high priority and
what can wait (or is not needed) on the long wish list requests.
8. Develop summary and lessons learned
 At the end compile and summarize the notes collected.
 Summarize the lessons learned from the exercise and schedule a follow-up meeting.
 This follow-up meeting should be held a day or two after the walk-through (i.e., not
immediately following the walk-through, but not 4 weeks later) so that participants have
a chance to think about the walk-through and bring their thoughts, suggestions, and
feedback to the follow-up meeting.
 Use the data collected from this process to modify future walk-through sessions and to
modify the BC/DR plan as needed.
 Flag team members in the roster so that if someone leaves or is promoted, you either
notify the alternate or designate and train a replacement.
Functional exercises
Functional exercises train staff in critical procedures or functions needed to
respond to and address the disruption.
They are used to test some of the plan’s functionality.
To test all of the plan's functionality, plan a field exercise or a full interruption test.
Functional exercises can be run alongside a paper walk-through.
They make use of scenario-based scripts and run for 2-3 hours.
The ERT and CMT teams have to respond to the scripted events using their
training and BC/DR plan.
 Have clear objectives and outcomes identified for functional exercises training.
 For example, teaching staff how to restore a database from the cloud pulled across the
Internet from a remote data vault. List the key knowledge you expect staff to gain. This
might include:
• How to determine that the database needs to be restored (i.e., is the local copy destroyed,
corrupted, offline, etc.)
• How to access the data vault backups (location, login credentials, accessing data, etc.)
• How to restore the data (what order, what locations, what settings, etc.)
• How to verify the restore (verification of file names, sizes, locations; sample test scripts,
etc.)
 A functional test of the BC/DR plan follows the same path. Testing some of the functions
of your plan, develop step-by-step instructions and have participants use those steps to
test the function.
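As an added example, not part of the original lecture, here is what a written restore-and-verification routine of the kind the functional exercise above trains can look like. It assumes a manifest (SHA-256, size, relative path) produced when the backup was taken, and uses a constructed restore directory plus a small SQLite database standing in for the restored data; the data-vault access step itself is out of scope.

```python
"""Restore verification in two layers (added example, not lecture material):
  1. file layer: every manifest entry is present with the expected size and
     SHA-256, and nothing unexpected was restored alongside it;
  2. application layer: a restored SQLite database opens, passes an integrity
     check, and holds the row counts recorded when the backup was taken.
The manifest format '<sha256>  <size>  <relative path>' is an assumption."""
import hashlib
import os
import sqlite3
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large restores don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Blank lines and '#' comments are ignored; returns {rel_path: (sha256, size)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, rel = line.split(None, 2)
        entries[rel] = (digest, int(size))
    return entries


def verify_files(restore_root, manifest):
    """File-layer check. Returns a sorted list of (relative path, problem)."""
    findings = []
    for rel, (digest, size) in manifest.items():
        full = os.path.join(restore_root, rel)
        if not os.path.isfile(full):
            findings.append((rel, "missing"))
            continue
        actual = os.path.getsize(full)
        if actual != size:                       # truncated or partial transfer
            findings.append((rel, f"size {actual} != {size}"))
            continue
        if sha256_of(full) != digest:            # silent corruption
            findings.append((rel, "checksum mismatch"))
    for dirpath, _, names in os.walk(restore_root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), restore_root)
            rel = rel.replace(os.sep, "/")
            if rel not in manifest:              # restore produced something unexpected
                findings.append((rel, "not in manifest"))
    return sorted(findings)


def verify_sqlite(db_path, expected_rows):
    """Application-layer check: opens, is internally consistent, row counts match."""
    problems = []
    con = sqlite3.connect(db_path)
    try:
        if con.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
            problems.append("integrity_check failed")
        for table, want in expected_rows.items():
            got = con.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
            if got != want:
                problems.append(f"{table}: {got} rows, expected {want}")
    finally:
        con.close()
    return problems


def demo():
    """Constructed restore directory: one good file, one truncated file, one
    missing file, one stray file and one good database. Returns both result lists."""
    root = tempfile.mkdtemp(prefix="restore_")
    os.makedirs(os.path.join(root, "config"))
    good = os.path.join(root, "config", "app.ini")
    with open(good, "wb") as f:
        f.write(b"[db]\nhost=vault.example\n")
    with open(os.path.join(root, "orders.csv"), "wb") as f:
        f.write(b"id,amount\n1,10")              # 14 bytes; the manifest says 20
    with open(os.path.join(root, "stray.tmp"), "wb") as f:
        f.write(b"x")
    db = os.path.join(root, "app.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, msg TEXT)")
    con.executemany("INSERT INTO events (msg) VALUES (?)", [("a",), ("b",), ("c",)])
    con.commit()
    con.close()
    manifest = parse_manifest(f"""
        # constructed manifest; users.json is listed but was never restored
        {sha256_of(good)}  {os.path.getsize(good)}  config/app.ini
        {'0' * 64}  20  orders.csv
        {'0' * 64}  12  users.json
        {sha256_of(db)}  {os.path.getsize(db)}  app.db
    """)
    return verify_files(root, manifest), verify_sqlite(db, {"events": 3})


if __name__ == "__main__":
    file_findings, db_problems = demo()
    for rel, problem in file_findings:
        print(f"FAIL {rel}: {problem}")
    print("database:", "ok" if not db_problems else db_problems)
```

The size check runs before the hash check on purpose: a truncated transfer is the common failure and is cheap to detect, while hashing is reserved for files that are at least the right length. The stray-file check matters because a restore that writes extra files often means the wrong backup set was pulled.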
Field exercises
 Field exercises involve fairly realistic exercises based on likely scenarios.
 From time to time, local emergency responders (LER) exercise their skills by
practicing scenarios in a full-scale field exercise.
 Companies can practice their emergency and disaster recovery response in full-scale
field exercises by coordinating such exercises with the LER.
 The LER get to test their skills and train your staff in the process.
 Having this kind of resource helps test and hone your skills and also provides
valuable input into your disaster planning.
 Most companies barely have the time or resources to do an annual paper
walkthrough of their plan, so it’s not likely you’ll be able to run through a real-world
If your company works in a dangerous industry (hazardous chemicals, explosives,
power, etc.), you may want (or be required by law) to perform field exercises to
assess and improve readiness.
It’s not until a situation is unfolding, even in a simulated manner, where some
problems with a plan come to light.
Paper walk-throughs and functional exercises may leave knowledge gaps or plan
problems that you just won’t know about until a real situation presents itself.
Field exercises can reduce the risk of plan gaps but at a much greater expense of
time and resources.
For some companies, this investment makes sense.
Full interruption test
Like a field exercise, a full interruption test can be for the organization or just for
specific systems within the organization.
It activates all components of the plan and interrupts all mission-critical functions.
The full interruption test will also activate the alternate work sites or facilities and
off-site storage facilities, and the plan is actually implemented in whole.
This type of full interruption test can be announced or unannounced.
Clearly, an unannounced test simulates a real disruption or disaster more
accurately than an announced test, but is also more disruptive.
Most companies are unlikely to be willing to disrupt their operations long enough
to perform a full interruption test.
 There are numerous reasons for testing the plan.
 Clear reason is making sure the plan will work in the event of a real disruption or disaster.
 Testing serves these purposes:
• Checks for understanding of processes, procedures, and steps by those implementing the plan.
• Validates the integration of tasks across the various business units and management
functions.
• Confirms the steps developed for each phase of the plan’s implementation.
• Determines whether the right resources have been identified.
• Familiarizes all involved parties with the overall process and flow of information.
• Identifies gaps or weaknesses in the plan.
• Determines cost and feasibility.
 Training will test the plan.
Testing BC/DR Plan
Test evaluation criteria
 Develop clear evaluation criteria for your tests before embarking on the testing
phase.
 Create test criteria by going through various checklists or steps in your BC/DR plan
and create corresponding questions.
 Example involving the notification step in the activation of the plan.
1. Was the primary team member able to begin the notification process successfully?
2. How many team members were contacted?
3. How long did it take to notify team members?
4. Were there any missing or incorrect phone numbers?
5. How many team members were contacted via their primary methods vs. alternate
methods?
6. How many team members were not on the notification list?
7. Were there any names on the notification list that should not have been?
8. Would this have worked if phone systems were out?
 Create a set of questions for each phase of the plan and use these to evaluate the test
results.
 Measure the performance against the ability to complete each step, the thoroughness
of each step, the effectiveness of each step, and the accuracy and validity of each step.
Recommendations
 Develop recommendations based on test results.
 Recommendations result in modifications to the BC/DR plan and to other areas.
 For example, you might find areas in which staff needs additional training. You might
find through these tests that there are areas of the business not included in the plan.
 An audit is a systematic examination against defined criteria.
 Where companies are required to comply with laws or regulations, audits must be
performed.
 Audits may help your BC/DR planning and may need to be included in your plan.
IT SYSTEMS AND SECURITY AUDITS
 Auditing IT systems involves a set of tasks that help reduce the risk of an intrusion or
attack.
 Audits are concerned primarily with ensuring the company maintains data
confidentiality, integrity, and availability, because these are the areas that typically
come under attack.
 A successful attack on any of these can disable a company's critical business functions
or its entire operations, and can create significant legal or financial liability for
the firm as well.
Performing IT Systems and Security Audits
 An IT systems audit typically focuses on conducting a systematic evaluation of the
security of various IT systems by measuring how well they conform to established
criteria or requirements.
 It includes an assessment or review of the network and systems’ physical
configuration and environment, the configuration of the software, the handling
(storage, transport, access, etc.) of data, sensitive data in particular, and user access.
 Security audits are often performed in conjunction with compliance efforts.
 Hardening systems is a risk mitigation strategy that is employed by virtually every
company using IT systems today.
 Hardening systems, consists of taking actions to minimize the attack footprint of a
system or network.
 This includes actions such as removing network protocols not in use, disabling ports
or services not being used, removing unused user accounts, reducing permissions to
the least possible, and automating the updating of antivirus and antispyware data
files, to name just a few examples.
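An added example (not from the lecture) of how the hardening checks listed above can be audited mechanically rather than by eye. It reads the text of `ss -tlnp` (the listening-socket listing on Linux) and of `/etc/passwd` and compares them with a baseline; the baseline (which process may listen on which port, which accounts may have an interactive shell) and both samples are constructed for the demo.

```python
"""Hardening baseline check (added example, not lecture material): unexpected
listening services and unexpected login-capable accounts."""
import re

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
PROC_RE = re.compile(r'\("([^"]+)"')   # process name inside users:(("sshd",pid=812,fd=3))

# Baseline for this host (assumed): allowed port -> process names, approved shells.
BASELINE_LISTENERS = {22: {"sshd"}, 5432: {"postgres"}}
APPROVED_INTERACTIVE = {"root", "backupop"}

# Constructed `ss -tlnp` output for the demo.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=1021,fd=6))
LISTEN 0      511    *:6379              *:*               users:(("redis-server",pid=1330,fd=6))
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*         users:(("python3",pid=2200,fd=3))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Constructed /etc/passwd for the demo.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
postgres:x:110:118:PostgreSQL administrator:/var/lib/postgresql:/bin/bash
backupop:x:1001:1001:Backup operator:/home/backupop:/bin/bash
contractor:x:1002:1002:Left in 2021:/home/contractor:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
"""


def parse_ss(text):
    """Return (address, port, process) for every LISTEN row of `ss -tlnp` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, port = parts[3].rsplit(":", 1)     # handles 0.0.0.0:22, [::]:22 and *:6379
        m = PROC_RE.search(line)
        rows.append((addr, int(port), m.group(1) if m else "?"))
    return rows


def audit_listeners(ss_text, allowed):
    """Every listener outside the baseline is a finding; loopback-only ones are
    labelled so they can be triaged below listeners exposed on all interfaces."""
    findings = []
    for addr, port, proc in parse_ss(ss_text):
        if proc in allowed.get(port, set()):
            continue
        scope = "loopback" if addr in ("127.0.0.1", "[::1]") else "all interfaces"
        findings.append(f"port {port}/{proc} on {scope} is not in the baseline")
    return findings


def audit_accounts(passwd_text, approved_interactive):
    """Flag extra uid-0 accounts and interactive shells outside the approved set
    (service accounts such as postgres should carry a nologin shell)."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, uid, _, _, _, shell = line.split(":")
        if uid == "0" and name != "root":
            findings.append(f"{name}: additional uid 0 account")
        if shell not in NOLOGIN_SHELLS and name not in approved_interactive:
            findings.append(f"{name}: interactive shell {shell} not approved")
    return findings


def demo():
    return (audit_listeners(SAMPLE_SS, BASELINE_LISTENERS),
            audit_accounts(SAMPLE_PASSWD, APPROVED_INTERACTIVE))


if __name__ == "__main__":
    listener_findings, account_findings = demo()
    for finding in listener_findings + account_findings:
        print("FINDING", finding)
```

On a real host the two samples would be replaced by the output of `ss -tlnp` and the contents of `/etc/passwd`; the point of keeping the baseline in code is that the audit becomes repeatable, so the next run after a change shows exactly which listener or account is new.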
 Systems auditing include several key elements:
• Ensuring IT risk mitigation strategies are in place and properly
implemented/configured.
• Ensuring systems identified by the BC/DR plan are still in place and functioning.
• Identifying areas where new technology has been implemented and may not be
incorporated into the BC/DR plan.
• Identifying areas where technology has been retired or modified, resulting in the need
to revise the BC/DR plan.
• Reviewing the processes identified in the BC/DR plan with respect to IT systems to
ensure the steps and processes are still correct, complete, and relevant.
• Verifying IT incident response team (CIRT, CERT) is intact with clear understanding of
roles, responsibilities, and how to implement the IT-specific segments of the BC/DR
plan.
• Reviewing data regarding various systems to ensure they are compliant with the
BC/DR plans. These systems include operating systems, networking and
telecommunications equipment, database and applications, systems backups, security
controls, integration, and testing. Any of these areas is subject to frequent change.
 An audit can help assure the BC/DR plan will still work if implemented.
 Key is to identify how IT systems have changed (or remained the same) and assess
how and where that impacts the BC/DR plan.
 Most IT systems are not static and even gradual changes over time can end up
creating a significant change to the way a BC/DR plan must be implemented.
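The following is an added example, not the lecture's own material, of the reconciliation an IT systems audit performs for a BC/DR plan: the plan's system inventory against a current inventory (retired, new, changed and unprotected systems), plus the plan's procedure text against the systems that actually exist. The inventories, the procedure excerpt and the tier/backup-job fields are constructed assumptions; in practice the current side would come from a CMDB export, a cloud API or a discovery scan.

```python
"""BC/DR plan drift audit (added example, not lecture material)."""
import re
from dataclasses import dataclass


@dataclass
class System:
    name: str
    address: str
    platform: str
    backup_job: str       # "" means no backup job protects it
    tier: int             # 1 = mission critical (assumed convention)
    status: str = "active"


# What the BC/DR plan appendix says exists (constructed).
PLAN_INVENTORY = [
    System("db-primary", "10.0.1.10", "postgres 12", "nightly-db", 1),
    System("erp-app01", "10.0.1.20", "windows 2016", "nightly-erp", 1),
    System("file-srv", "10.0.1.30", "windows 2012", "weekly-files", 2),
    System("fax-gw", "10.0.1.40", "linux", "", 3),
]

# What a CMDB export / discovery scan says exists today (constructed).
CURRENT_INVENTORY = [
    System("db-primary", "10.0.1.10", "postgres 15", "nightly-db", 1),
    System("erp-app01", "10.0.2.20", "windows 2022", "nightly-erp", 1),
    System("fax-gw", "10.0.1.40", "linux", "", 3, status="decommissioned"),
    System("msg-queue", "10.0.1.50", "rabbitmq", "", 1),
]

# Excerpt of the plan's IT recovery procedure (constructed).
PLAN_PROCEDURE = """
Step 4: restore db-primary from the nightly-db vault copy and verify row counts.
Step 5: bring up erp-app01 and point it at db-primary.
Step 6: re-share home directories from file-srv.
"""


def audit_inventory(plan, current, tracked=("address", "platform", "backup_job")):
    """Reconcile the plan's system list with the live inventory."""
    plan_by = {s.name: s for s in plan}
    cur_by = {s.name: s for s in current}
    report = {"retired": [], "not_active": [], "new": [], "changed": [], "unprotected": []}
    for name, p in plan_by.items():
        c = cur_by.get(name)
        if c is None:                            # in the plan, gone from the estate
            report["retired"].append(name)
            continue
        if c.status != "active":                 # still listed, no longer functioning
            report["not_active"].append(f"{name} ({c.status})")
        for attr in tracked:                     # attribute drift that can break a procedure
            old, new = getattr(p, attr), getattr(c, attr)
            if old != new:
                report["changed"].append((name, attr, old, new))
    for name, c in cur_by.items():
        if name not in plan_by:                  # new technology the plan never saw
            report["new"].append(name)
        if c.tier == 1 and c.status == "active" and not c.backup_job:
            report["unprotected"].append(name)   # critical, yet nothing backs it up
    return report


def audit_procedure(text, plan, current):
    """Stale: names the procedure refers to that are gone or inactive.
    Uncovered: active tier-1 systems the procedure never mentions."""
    words = set(re.findall(r"[A-Za-z0-9][A-Za-z0-9-]*(?:\.[A-Za-z0-9-]+)*", text))
    active = {s.name for s in current if s.status == "active"}
    known = {s.name for s in plan} | {s.name for s in current}
    stale = sorted(n for n in known & words if n not in active)
    uncovered = sorted(s.name for s in current
                       if s.tier == 1 and s.status == "active" and s.name not in words)
    return stale, uncovered


def demo():
    return (audit_inventory(PLAN_INVENTORY, CURRENT_INVENTORY),
            audit_procedure(PLAN_PROCEDURE, PLAN_INVENTORY, CURRENT_INVENTORY))


if __name__ == "__main__":
    report, (stale, uncovered) = demo()
    for key, items in report.items():
        print(f"{key}: {items}")
    print("stale references:", stale, "| uncovered tier-1:", uncovered)
```

Each finding maps onto one of the audit elements above: "retired" and "not_active" are systems the plan still counts on, "new" and "uncovered" are technology the plan never incorporated, "changed" is the gradual drift (new address, new platform version) that silently invalidates a written restore step, and "unprotected" is a mission-critical system with no backup job at all.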
 
(Handbook) management of training & development
(Handbook) management of training & development(Handbook) management of training & development
(Handbook) management of training & development
 

Recently uploaded

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 

Recently uploaded (20)

Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 

BCS 307 Lecture 7.pdf

Training For Disaster Recovery And Business Continuity
 There are two distinct parts of disaster recovery and business continuity training.
 First is the actual physical response to the disruption or emergency.
 It involves evacuating a building if there’s a fire, grabbing a fire extinguisher to douse a fire in the server room, or finding the water main if there’s flooding inside the building.
 These actions all require some basic training, so responders know what to do and how to do it safely.
 The second aspect of training has to do with ensuring that the various response teams know how to implement the BC/DR plan and that they have the skills needed to do so.
 For example, provide periodic training for IT staff so they can stay up to date on the latest threats and security measures, or training for alternate BC/DR staff on performing a system restore and verification routine.
Emergency response
 The BC/DR team should have an emergency response team (ERT) identified, and these team members should be trained in appropriate emergency response activities.
 Each company should identify the likely emergency responses needed and provide training in these activities.
 If your firm is located in an area prone to flooding, earthquakes, hurricanes, or tornados, you should provide training in emergency response related to these events.
 Basic first aid and CPR (cardiopulmonary resuscitation) training should be part of all emergency responders’ training, and some companies find it useful to provide this training to all employees.
 Specialized skills for the ERT might include firefighting techniques or building evacuation procedures.
Specialized skills require training in order to protect the safety of the responders and to enable the responders to be effective.
Your local fire or police department may provide this type of training or may be able to recommend firms that provide it.
The BC/DR plan should include the designation of an ERT as well as a list of required training/skills, certification requirements (if any), and periodic refresher courses.
The ERT leader should be responsible for managing this. He or she should ensure team members have the training and/or certifications required and should arrange for the periodic testing and refreshing of these skills.
Disaster recovery and business continuity training overview
Disaster recovery is a crucial step that can mean the difference between the company’s eventual recovery and failure.
Training can help improve the chances for eventual success.
Disaster recovery and business continuity training includes defining the scope and objectives for the training, performing a needs assessment (gap analysis), developing training, scheduling and delivering training, and monitoring/measuring training.
You may choose to perform training while testing your plan.
Training scope, objectives, timelines, and requirements
 Develop a training project plan that ties in with the BC/DR project plan.
The training plan should include a statement of scope (what is and is not included) as well as a list of high-level objectives.
These objectives should include objectives for each of the implementer groups (emergency responders, crisis management team (CMT), damage assessment team, disaster recovery team, etc.).
Timelines for training the various teams should be developed.
Keep in mind that some people may be members of more than one team, so training schedules and training subjects should take that into consideration.
Then, develop requirements for training that meet those objectives.
Computer incident response team (CIRT).
 Develop scope, an objective statement, a timeline, and a set of requirements for your training.
 As you test your project plan, you will also find areas that should be addressed by training.
 Revise these plans once or twice as you go through the training and testing phases.
Performing training needs assessment
 The needs assessment phase is essentially a gap analysis.
 Review current skill sets against the expertise required to carry out various functions and determine what sort of training would best fill the gap.
 Training needs become evident during the testing of the plan.
 As you test your plan, you’ll see areas where specialized or updated skills and knowledge will be required to successfully execute the plan.
 Make note of these potential skill gaps during your plan testing and circle back to include them in your training plans.
 A training needs assessment should be performed on the same periodic basis as your plan testing schedule or on some other periodic basis.
 People leave the company, are promoted, or change jobs.
 You need to ensure that at any given moment, your organization has the skills it needs to implement your BC/DR plan successfully.
Developing training
 Companies have limited time or funds available for training, much less for BC/DR training.
 Companies that train their employees benefit not only from improved productivity but greater loyalty as well.
 Targeted training to maintain or improve skills, especially those related to mission-critical business functions, can be accomplished relatively quickly and often at a reasonable cost.
 As with other risk factors in BC/DR planning, the risk of having untrained personnel can easily be mitigated through training, and it may also help drive productivity within the organization.
 When developing training, create clear, specific, measurable outcomes.
 A measurable outcome means that it either was or was not accomplished.
Either Veronica can restore the database from backups using the written procedures or she can’t.
Either Baraka can safely shut power off to the manufacturing floor or he can’t.
Keep in mind that not all training for your BC/DR plan will be extensive training.
Some may be as simple as showing Sylivester where the power shut-off is and how to perform a power shutdown for the manufacturing floor.
Other training, such as how to restore various IT systems that are closely integrated or interconnected, may require training in several knowledge areas as well as hands-on experience.
Training should provide some sort of materials (printed, soft copy, Web based, etc.) that capture and reinforce the skills and knowledge presented.
The training should also be designed to use several elements such as written, classroom lecture, hands-on (lab), and field (exercises).
Use a final quiz or exam to ensure students have grasped the key concepts and can apply them appropriately.
The final test or exam should reflect the training outcomes identified.
Scheduling and delivering training
 Scheduling and delivering training is a secondary challenge after getting the training budget approved.
 Find various training programs online that people can attend on their own schedule.
 If you use a flexible online learning system (either your own or an external one), be sure to set timelines and test for knowledge along the way.
 Some online courses are better than others, and some test knowledge better than others.
 Verify the quality of the training in advance and find ways to verify that students learned the required materials.
 If you develop training that moves quickly and is interesting, engaging, and relevant to the students, it’s much more likely you’ll be able to get students to attend your training sessions.
 Get the training scheduled and delivered in a reasonable timeframe.
Monitoring and measuring training
The first step in monitoring and measuring training is the development of clear objectives and outcomes for the training.
If you don’t know what should be accomplished in training, you won’t be able to determine if the training was effective.
Exams and hands-on demonstrations of skills can be extremely effective in testing and verifying knowledge.
For physical skills such as using a fire extinguisher or performing CPR, both a test of knowledge and a demonstration of skills are best.
Logical skills include tasks such as restoring a server or verifying user permissions.
Verify that the training occurred and that several basic concepts were retained by students.
Monitoring involves ensuring key personnel have actually attended required training and have not somehow accidentally fallen through the cracks.
If staff members leave or move into different positions, replacements need to be trained, so you need to develop some method of periodically checking your key BC/DR staff positions to ensure individuals are still in place and ready to perform their assigned BC/DR duties.
These methods vary widely from one company to the next.
Training and Testing For Your Business Continuity And Disaster Recovery Plan
 There are four basic ways to train staff regarding the BC/DR plan, and these also test the plan.
 These are paper walk-throughs (or tabletop exercises), functional exercises, field exercises, and full interruptions.
 Team leaders need to know how and when to activate the plan as well as how to notify, assemble, and manage their teams.
 They need to know how to:
• Use the plan effectively.
• Understand their individual and team roles and responsibilities.
• Notify, assemble, and manage their team members.
• Operate as a cross-functional team member.
• Communicate across organizational boundaries in a stressful situation, often without the aid of common communication tools such as phones, e-mail, or other devices.
The most basic part of the training is understanding the plan and how to utilize it.
The role of training is both to familiarize people with the plan elements and processes and to reinforce the basic knowledge of the plan.
The plan document must be accessible immediately upon notification of a disruptive event so that someone can start managing the plan.
Having a team well versed in the initial steps of the plan will provide an effective early response.
Everyone involved with the BC/DR implementation needs to understand their specific roles and responsibilities once a plan is activated.
Training should address both the BC/DR process itself as well as the specific skills needed by team members to be effective in their designated roles.
 For example, a database administrator may be part of the IT damage assessment team.
 He/she may be an outstanding DBA but may not have the specific skills to know how to approach the IT damage assessment process.
 He/she should be trained in the process of performing the IT damage assessment as well as in the overall BC/DR process.
 That way, he/she will understand how and when the IT damage assessment is performed, how it impacts other BC/DR activities, and how to perform the duties of that role.
 Team leaders head up their individual teams (be sure to assign alternates or backups for key roles) and they must also be able to work effectively as part of the ERT (emergency response team) or CMT (crisis management team).
 That means there has to be a leader assigned or selected for the CMT.
Training should address the communication needs across the organization.
There are numerous communication needs throughout the life cycle of a disaster, and the team should understand this.
Training should address the various communication groups (groups to whom the CMT should communicate), the appropriate frequency and content of the communication, and the appropriate distribution mechanism.
There are four commonly used methods of training: paper walk-throughs, functional exercises, field exercises, and full interruptions.
Relative disruption and accuracy of BC/DR plan test methods.
Paper walk-through
If you can manage to schedule a paper walk-through of your BC/DR plan once a year, you’ve scored a major victory.
You want to know if your BC/DR plan will work if needed, and the only way to determine that is to test it out.
A paper walk-through will take time to step through, but it’s time well spent.
There are eight discrete steps you can take to run an effective paper walk-through.
These steps also apply to the other types of training (functional, field, etc.).
Steps taken to run an effective paper walk-through.
1. Develop realistic scenarios
The first step is to develop realistic scenarios for your walk-through, based on those risks your assessment determined to be the highest risk, highest likelihood, and highest impact.
Focus on the things most likely to occur.
Start with a fire in the building, since statistically speaking, that’s the disaster most likely to strike businesses.
Create scenarios that involve your highest risks/impacts.
Remember, you will likely need to perform several walk-throughs based on various threats.
2. Develop evaluation criteria
The key to any successful test of your plan, whether it’s a paper walk-through or a full interruption, is to have criteria by which you’ll evaluate the success of that training.
For your paper walk-through, you might develop criteria that include:
• How well participants were able to follow and utilize the plan.
• How well participants were able to communicate across team lines.
• How well the checklists or defined steps worked to achieve the stated objectives.
• How confident participants felt with their implementation of the plan.
• How confident participants feel about implementing the plan in the future.
3. Provide copies of the plan
 Members of the CMT should be given the latest copies of the plan in advance of the walk-through.
 They should be required to look through the plan prior to the walk-through.
 Individual team members that might be participating, such as the ERT, should be provided their section of the plan.
 Create a flowchart of your plan’s processes in order to help individual team members visually see and understand how things should proceed.
Sample flowchart of BC/DR plan (partial).
4. Divide participants by team
 Members of each team need to sit together in a walk-through.
 It makes it easy to follow the flow of the walk-through and helps them confer or make notes among themselves.
 It also reduces cross-talk and interruptions.
 Team members should attend the training and work alongside their counterparts.
 Vendors designated as team members should also be included in the training.
5. Use checklists
 Provide copies of these checklists and ensure the team uses them.
 If they find steps that are out of order, missing, or redundant, they can correct the checklists quickly.
 Checklists help maintain direction and forward progress during the walk-through.
6. Take notes
 Someone should be tasked with keeping notes about the overall flow, level of readiness, gaps in the plan, ambiguities, procedural errors, etc.
 If you run the walk-through with various teams, each team should be responsible for keeping notes on their process and their section of the plan as well.
7. Identify training needs
 Keep an eye open for additional training needs as you train staff in the use and implementation of the plan.
 Ask training participants to make a note of any skills they believe they need in order to effectively carry out the BC/DR plan.
 Identify skills gaps and develop a list of training needs from these run-throughs.
 Prioritize and sort through the training requests to determine what is high priority and what can wait (or is not needed) on the long wish list of requests.
8. Develop summary and lessons learned
 At the end, compile and summarize the notes collected.
 Summarize the lessons learned from the exercise and schedule a follow-up meeting.
 This follow-up meeting should be held a day or two after the walk-through (i.e., not immediately following the walk-through, but not 4 weeks later) so that participants have a chance to think about the walk-through and bring their thoughts, suggestions, and feedback to the follow-up meeting.
 Use the data collected from this process to modify future walk-through sessions and to modify the BC/DR plan as needed.
 Flag your team members in some manner so that if someone leaves or is promoted, you either notify the alternate or designate and train a replacement.
Functional exercises
Functional exercises train staff in critical procedures or functions needed to respond to and address the disruption.
They are used to test some of the plan’s functionality.
Plan field or full-scale interruptions to test all the functionality.
Perform a paper walk-through along with functional exercises.
They make use of scenario-based scripts and run for 2-3 hours.
The ERT and CMT teams have to respond to the scripted events using their training and the BC/DR plan.
 Have clear objectives and outcomes identified for functional exercise training.
 For example, teaching staff how to restore a database from the cloud, pulled across the Internet from a remote data vault.
List the key knowledge you expect staff to gain. This might include:
• How to determine that the database needs to be restored (i.e., is the local copy destroyed, corrupted, offline, etc.)
• How to access the data vault backups (location, login credentials, accessing data, etc.)
• How to restore the data (what order, what locations, what settings, etc.)
• How to verify the restore (verification of file names, sizes, locations; sample test scripts, etc.)
 A functional test of the BC/DR plan follows the same path.
 When testing some of the functions of your plan, develop step-by-step instructions and have participants use those steps to test the function.
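The last item in that list, verifying the restore, is the one most often left to eyeballing. An added example (not from the lecture or its source text) of what a written verification step for a functional exercise can look like: the restore is compared against a manifest of file names, sizes and SHA-256 digests recorded at backup time. The manifest format, the file names and the corrupted/missing files in demo() are all constructed for this example; a real backup tool would produce the manifest.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical manifest format: {relative_path: (size_bytes, sha256_hex)}.
# A real backup job would write this at backup time; here it is computed
# from a constructed "vault" copy so the example runs offline.

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large database dumps do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Record name, size and digest of every file under root (what the vault holds)."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = (p.stat().st_size, sha256_of(p))
    return manifest

def verify_restore(restore_dir: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest and report the discrepancies
    the exercise checklist asks about: missing files, unexpected extra files,
    size mismatches (truncated transfers) and digest mismatches (silent corruption)."""
    result = {"missing": [], "extra": [], "size_mismatch": [], "hash_mismatch": []}
    present = {p.relative_to(restore_dir).as_posix(): p
               for p in restore_dir.rglob("*") if p.is_file()}
    for rel, (size, digest) in manifest.items():
        p = present.get(rel)
        if p is None:
            result["missing"].append(rel)
            continue
        if p.stat().st_size != size:
            result["size_mismatch"].append(rel)
            continue  # a truncated file will never match; skip the hash
        if sha256_of(p) != digest:
            result["hash_mismatch"].append(rel)
    result["extra"] = sorted(set(present) - set(manifest))
    # The measurable outcome the slides ask for: the restore either verified or it did not.
    result["ok"] = not any(result[k] for k in ("missing", "extra", "size_mismatch", "hash_mismatch"))
    return result

def demo() -> dict:
    """Constructed scenario: the restore is missing one file, has one file silently
    corrupted (same size, different content) and contains one stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        vault, restore = Path(tmp) / "vault", Path(tmp) / "restore"
        files = {
            "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget');\n",
            "db/customers.sql": b"INSERT INTO customers VALUES (1, 'acme');\n",
            "config/app.ini": b"[db]\nhost=db.example.internal\n",
        }
        for root in (vault, restore):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(vault)
        (restore / "db/customers.sql").unlink()                      # never restored
        (restore / "db/orders.sql").write_bytes(                     # same length, wrong bytes
            b"INSERT INTO orders VALUES (1, 'gadget');\n")
        (restore / "config/old.bak").write_bytes(b"stale\n")         # not in the backup
        return verify_restore(restore, manifest)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Checking sizes before digests is deliberate: a truncated transfer shows up as a size mismatch without the cost of hashing, while a same-size digest mismatch is the signal that the restored copy was altered in transit or at rest, which is exactly the case a file listing alone cannot reveal.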
Field exercises
 Field exercises involve fairly realistic exercises based on likely scenarios.
 From time to time, local emergency responders (LER) exercise their skills by practicing scenarios using full-scale field exercises.
 Companies practice their emergency and disaster recovery response using full-scale field exercises by coordinating such exercises with local emergency responders (LER).
 LER may test their skills and train your staff in the process.
 Having such an excellent resource will help test and hone your skills and also provide valuable input into your disaster planning.
 Most companies barely have the time or resources to do an annual paper walkthrough of their plan, so it’s not likely you’ll be able to run through a real-world
If your company works in a dangerous industry (hazardous chemicals, explosives, power, etc.), you may want (or be required by law) to perform field exercises to assess and improve readiness.
It’s not until a situation is unfolding, even in a simulated manner, that some problems with a plan come to light.
Paper walk-throughs and functional exercises may leave knowledge gaps or plan problems that you just won’t know about until a real situation presents itself.
Field exercises can reduce the risk of plan gaps, but at a much greater expense of time and resources.
For some companies, this investment makes sense.
Full interruption test
Like a field exercise, a full interruption test can be for the whole organization or just for specific systems within the organization.
It activates all components of the plan and interrupts all mission-critical functions.
The full interruption test will also activate the alternate work sites or facilities and off-site storage facilities, and the plan is actually implemented in whole.
This type of full interruption test can be announced or unannounced.
Clearly, an unannounced test simulates a real disruption or disaster more accurately than an announced test, but it is also more disruptive.
Most companies are unlikely to be willing to disrupt their operations long enough to perform a full interruption test.
Testing BC/DR Plan
 There are numerous reasons for testing the plan.
 The clearest reason is making sure the plan will work in the event of a real disruption or disaster.
 Testing serves these purposes:
• Checks for understanding of processes, procedures, and steps by those implementing the plan.
• Validates the integration of tasks across the various business units and management functions.
• Confirms the steps developed for each phase of the plan’s implementation.
• Determines whether the right resources have been identified.
• Familiarizes all involved parties with the overall process and flow of information.
• Identifies gaps or weaknesses in the plan.
• Determines cost and feasibility.
 Training will test the plan.
Test evaluation criteria
• Develop clear evaluation criteria for your tests before embarking on the testing phase.
• Create test criteria by going through the checklists or steps in your BC/DR plan and writing a corresponding question for each one.
• Example for the notification step in the activation of the plan:
  1. Was the primary team member able to begin the notification process successfully?
  2. How many team members were contacted?
  3. How long did it take to notify team members?
  4. Were there any missing or incorrect phone numbers?
  5. How many team members were contacted via their primary methods vs. alternate methods?
  6. How many team members were not on the notification list?
  7. Were there any names on the notification list that should not have been?
  8. Would this have worked if the phone systems were out?
• Create a set of questions for each phase of the plan and use them to evaluate the test results.
• Measure performance against the ability to complete each step, and the thoroughness, effectiveness, accuracy, and validity of each step.
Recommendations
• Develop recommendations based on the test results.
• Recommendations result in modifications to the BC/DR plan and to other areas. For example, you might find areas in which staff need additional training, or areas of the business that are not included in the plan at all.
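The notification questions above are easiest to answer consistently if the drill is logged and scored rather than judged from memory. The script below is an added example, not part of the lecture: it scores a constructed call-tree drill against criteria 2 to 8. The roster, notification list and drill log are constructed sample data, and the field names and the rule that phone numbers start with "+" are assumptions.

```python
"""Score a BC/DR notification drill against the evaluation criteria.

Added example, not from the lecture. TEAM_ROSTER, NOTIFICATION_LIST and
DRILL_LOG are constructed sample data; the field names and the assumption
that phone contacts start with "+" are illustrative choices.
"""
from datetime import datetime

# Constructed roster: everyone the BC/DR plan says must be notified.
TEAM_ROSTER = {"alice", "bob", "carol", "dave", "erin"}

# Constructed notification list as held by the primary caller. None models a
# missing contact method; a wrong number only shows up in the call outcomes.
NOTIFICATION_LIST = {
    "alice": {"primary": "+1-555-0101", "alternate": "alice@example.org"},
    "bob":   {"primary": None,          "alternate": "bob@example.org"},
    "carol": {"primary": "+1-555-0103", "alternate": None},
    "frank": {"primary": "+1-555-0106", "alternate": None},  # left the company
}

# Constructed drill log, one attempt per line: timestamp member method outcome
DRILL_LOG = """\
2024-03-12T09:00:00 alice primary reached
2024-03-12T09:02:30 bob alternate reached
2024-03-12T09:04:10 carol primary wrong_number
2024-03-12T09:07:45 frank primary no_answer
"""


def parse_log(text):
    """Return (timestamp, member, method, outcome) tuples from the drill log."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, member, method, outcome = line.split()
            rows.append((datetime.fromisoformat(ts), member, method, outcome))
    return rows


def is_phone(contact):
    """Assumption: phone numbers are stored with a leading '+'."""
    return contact is not None and contact.startswith("+")


def score_drill(roster, notification_list, log_text):
    """Answer criteria 2 to 8 from the drill data."""
    rows = parse_log(log_text)
    reached = [(ts, m, method) for ts, m, method, o in rows if o == "reached"]

    by_method = {"primary": 0, "alternate": 0}
    for _, _, method in reached:
        by_method[method] += 1

    # Criterion 3: minutes from the first attempt to the last successful contact.
    started = min(ts for ts, *_ in rows)
    minutes = None
    if reached:
        minutes = (max(ts for ts, *_ in reached) - started).total_seconds() / 60

    # Criterion 8: who can still be reached if the phone system is down.
    no_phone = [m for m, c in notification_list.items()
                if any(v is not None and not is_phone(v) for v in c.values())]

    listed = set(notification_list)
    return {
        "roster_size": len(roster),
        "contacted": len({m for _, m, _ in reached}),                # criterion 2
        "minutes_to_last_contact": minutes,                           # criterion 3
        "missing_numbers": sorted(m for m, c in notification_list.items()
                                  if c["primary"] is None),           # criterion 4
        "wrong_numbers": sorted({m for _, m, _, o in rows if o == "wrong_number"}),
        "by_method": by_method,                                       # criterion 5
        "not_on_list": sorted(roster - listed),                       # criterion 6
        "should_not_be_on_list": sorted(listed - roster),             # criterion 7
        "reachable_without_phone": sorted(no_phone),                  # criterion 8
    }


if __name__ == "__main__":
    for key, value in score_drill(TEAM_ROSTER, NOTIFICATION_LIST, DRILL_LOG).items():
        print(f"{key}: {value}")
```

On the constructed data the drill reaches only 2 of 5 roster members, finds one missing and one wrong number, two people absent from the call tree and one who should have been removed from it, and shows that only two members have a non-phone contact method, which is the answer to question 8.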
Performing IT Systems and Security Audits
• An audit is a systematic examination against defined criteria.
• Where companies are required to comply with laws or regulations, audits must be performed.
• Audits may help your BC/DR planning and may need to be included in your plan.
IT SYSTEMS AND SECURITY AUDITS
• Auditing IT systems involves a set of tasks that help reduce the risk of an intrusion or attack.
• Audits are concerned primarily with ensuring the company maintains data confidentiality, integrity, and availability, because these are the areas that typically come under attack.
• A successful attack on any of them can disable a company's critical business functions, or even its entire operations, and create a significant legal or financial liability for the firm as well.
• An IT systems audit typically focuses on a systematic evaluation of the security of various IT systems, measuring how well they conform to established criteria or requirements.
• It includes an assessment or review of the physical configuration and environment of the network and systems, the configuration of the software, the handling (storage, transport, access, etc.) of data, sensitive data in particular, and user access.
• Security audits are often performed in conjunction with compliance efforts.
• Hardening systems is a risk mitigation strategy employed by virtually every company using IT systems today.
• Hardening a system consists of taking actions to minimize the attack surface of the system or network.
• This includes actions such as removing network protocols not in use, disabling ports or services not being used, removing unused user accounts, reducing permissions to the least required, and automating updates of antivirus and antispyware signature files, to name just a few examples.
• Systems auditing includes several key elements:
  • Ensuring IT risk mitigation strategies are in place and properly implemented and configured.
  • Ensuring systems identified by the BC/DR plan are still in place and functioning.
  • Identifying areas where new technology has been implemented and may not yet be incorporated into the BC/DR plan.
  • Identifying areas where technology has been retired or modified, creating a need to revise the BC/DR plan.
  • Reviewing the processes identified in the BC/DR plan with respect to IT systems to ensure the steps and processes are still correct, complete, and relevant.
  • Verifying that the IT incident response team (CIRT or CERT) is intact, with a clear understanding of roles, responsibilities, and how to implement the IT-specific segments of the BC/DR plan.
  • Reviewing data about the various systems to ensure they are compliant with the BC/DR plan. These systems include operating systems, networking and telecommunications equipment, databases and applications, system backups, security controls, integration, and testing. Any of these areas is subject to frequent change.
• An audit helps assure that the BC/DR plan will still work if implemented.
• The key is to identify how IT systems have changed (or remained the same) and assess how and where that impacts the BC/DR plan.
• Most IT systems are not static, and even gradual changes over time can add up to a significant change in the way a BC/DR plan must be implemented.
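Three of the audit elements above (systems in the plan still present, new technology not yet in the plan, retired or modified technology still in the plan) and the hardening checks for unused services and unused accounts can be reduced to a diff between what the plan documents and what is observed. The script below is an added example, not from the lecture or any audit product. PLAN_INVENTORY, OBSERVED_HOSTS and ACCOUNTS are constructed sample data in the shape you would get from the plan's system appendix, from parsing ss -tlnp on each host, and from lastlog; the host names, ports, the always-permitted SSH port and the 90-day idle threshold are assumptions.

```python
"""Audit a BC/DR plan's IT inventory against what is observed today.

Added example, not from the lecture. PLAN_INVENTORY, OBSERVED_HOSTS and
ACCOUNTS are constructed sample data; host names, ports, BASELINE_PORTS and
the 90-day idle threshold are assumptions.
"""
from datetime import date

# Constructed plan inventory: host -> role and the ports the plan documents.
PLAN_INVENTORY = {
    "db01":  {"role": "orders database",    "ports": {5432}},
    "web01": {"role": "customer portal",    "ports": {443}},
    "bkp01": {"role": "backup server",      "ports": {873}},
    "fax01": {"role": "legacy fax gateway", "ports": {25}},  # retired, plan never updated
}

# Constructed observation: host -> set of (listening port, process name).
OBSERVED_HOSTS = {
    "db01":  {(5432, "postgres"), (22, "sshd")},
    "web01": {(443, "nginx"), (80, "nginx"), (22, "sshd")},
    "bkp01": {(22, "sshd")},                       # rsync daemon no longer running
    "mq01":  {(5672, "rabbitmq"), (22, "sshd")},   # new system, not in the plan
}

# Assumption: the hardening baseline permits managed SSH on every host.
BASELINE_PORTS = {22}

# Constructed account listing: host -> [(user, login shell, last login)].
ACCOUNTS = {
    "db01":  [("postgres", "/bin/false", None),
              ("jsmith", "/bin/bash", date(2023, 9, 1)),
              ("ops", "/bin/bash", date(2024, 3, 1))],
    "web01": [("deploy", "/bin/bash", date(2024, 2, 20)),
              ("tmp-contractor", "/bin/bash", None)],
}

# Date the audit is run (assumption, fixed so the example is reproducible).
AUDIT_DATE = date(2024, 3, 15)


def audit_inventory(plan, observed, baseline_ports=BASELINE_PORTS):
    """Report hosts missing from the plan, hosts gone from production, and
    listening-service drift on hosts that appear in both."""
    new_hosts = sorted(set(observed) - set(plan))
    retired_hosts = sorted(set(plan) - set(observed))
    service_drift = {}
    for host in sorted(set(plan) & set(observed)):
        listening = {port for port, _ in observed[host]}
        unexpected = listening - plan[host]["ports"] - baseline_ports
        missing = plan[host]["ports"] - listening
        if unexpected or missing:
            service_drift[host] = {"unexpected": sorted(unexpected),
                                   "missing": sorted(missing)}
    return {"new_hosts": new_hosts, "retired_hosts": retired_hosts,
            "service_drift": service_drift}


def stale_accounts(accounts, today, max_idle_days=90):
    """Interactive accounts that never logged in or have been idle too long.
    Service accounts with a non-login shell are skipped."""
    findings = {}
    for host, entries in accounts.items():
        stale = [user for user, shell, last_login in entries
                 if not shell.endswith(("/false", "/nologin"))
                 and (last_login is None
                      or (today - last_login).days > max_idle_days)]
        if stale:
            findings[host] = sorted(stale)
    return findings


if __name__ == "__main__":
    print(audit_inventory(PLAN_INVENTORY, OBSERVED_HOSTS))
    print(stale_accounts(ACCOUNTS, AUDIT_DATE))
```

Each finding maps back to a plan action: a new host means a business function the plan does not cover, a retired host means a recovery step that will fail or waste time, an unexpected listening port is either undocumented functionality or a hardening gap, a missing port means the documented recovery target is already not running, and stale interactive accounts are the "remove unused user accounts" item made concrete.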