Bharath Rao, profile picture
Uploaded byBharath Rao
PPTX, PDF15,297 views

Business Continuity Planning

The document outlines the processes and strategies involved in business continuity planning (BCP) and disaster recovery planning (DRP), emphasizing the importance of having a practical plan to restore operations following a disaster. It details the lifecycle of BCP/DRP, including risk assessment, recovery strategies, types of plans, and the significance of regular testing and updates. Additionally, it discusses the various types of backup options and alternative processing facilities that organizations can utilize to ensure operational resilience.

Embed presentation

Downloaded 783 times
BUSINESS CONTINUITY PLANNING / DISASTER RECOVERY PLANNING Bbharathrao.wordpress.com
Bbharathrao.wordpress.com Business Continuity Plan BCP is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.
Bbharathrao.wordpress.com GENERAL CONCEPT A common man’s view
Bbharathrao.wordpress.com Business Continuity Planning Lifecycle
Bbharathrao.wordpress.com Need for BCP/DRP
Bbharathrao.wordpress.com Objectives Goals Areas Minimize loss by Minimizing the cost associated with disruptions Identify weaknesses Business Resumption Planning Enable the Organization to survive a disaster Minimize the duration of a serious disruption to b/s operations Disaster Recovery Planning Facilitate effective co-ordination of recovery tasks Crisis Management Reduce the complexity of the recovery effort
Bbharathrao.wordpress.com Developing a BCP
Bbharathrao.wordpress.com Initiate Obtain understanding of the existing and projected systems Establish a ‘Steering Committee’ Develop a Master Schedule and milestones
Bbharathrao.wordpress.com Perform Risk Assessment
Bbharathrao.wordpress.com Choose Recovery Strategy Plan Development • Determine all available options and strategies • Business – Logistics, HR, Accounting • Technical – IT (Client – Server, Mainframes, Databases, Networks Identify Recovery Strategy • Recovery plan components and standards are defined, developed and documented • Define notification procedures • Establish Business recovery teams for each CBS
Bbharathrao.wordpress.com Test and Validate • Validate the BCP • Develop and document contingency test plans • Prepare and execute tests • Maintenance • Update disaster recovery plans and procedures
Bbharathrao.wordpress.com Working of a BCP Process
Bbharathrao.wordpress.com Differentiation of BCP and DRP Business Continuity Plan: It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity. It addresses the recovery of a company’s critical business functions after an interruption Disaster Recovery Plan: It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function
Bbharathrao.wordpress.com Types of Disaster Recovery Plans Emergency Plan Backup Plan It specifies actions to be undertaken when the disaster happen It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame Identification of situations which requires plan to be invoked It needs continuous updates as changes occur
Bbharathrao.wordpress.com Types of Disaster Recovery Plans Recovery Plan Test Plan It specifies procedures to restore full information system capabilities Final Component Formation of a recovery committee, specify responsibilities and guidelines for proper functioning Identification of deficiencies in the emergency, backup or recovery plans or tin the preparation of an organization for facing a disaster
Bbharathrao.wordpress.com Threats and Risk Management •Lack of Integrity •Lack of Confidentiality •Unauthorized Access •Hostile Software •Disgruntled Employees •Hackers and computer crimes •Terrorism and Industrial espionage
Bbharathrao.wordpress.com Types of Backup Full Backup Incremental Backup Differential Backup Mirror Backup IT captures all files on the disk or within the folder selected for backup It captures files that were created or changed since the last backup, regardless the backup type It stores files that have changed since the last full backup. It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password
Bbharathrao.wordpress.com Alternative Processing Facility Arrangements It is useful when the organization can tolerate some downtime Organization requires minimum facilities at an alternative location to run its regular operations It is inexpensive Cold site Useful when fast recovery is critical Organization requires all the facilities at an alternative location It is expensive Hot site
Bbharathrao.wordpress.com Provides intermediate level of backup Organization can tolerate some downtime Organization requires only essential facilities at an alternative location Warm Site Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster It is relatively cheap Each participant must maintain sufficient capacity to operate another’s critical system Reciprocal Agreement Alternative Processing Facility Arrangements
Bbharathrao.wordpress.com Insurance • The purpose of insurance is to spread the economic cost and risk loss from an individual or business to a large number of people. • Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange of a premium • Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis
Bbharathrao.wordpress.com Activities considered while testing BRP/DRP plan • Defining the boundaries • Scenario • Test Criteria • Assumptions • Briefing Session • Checklists • Analysing the test • Debriefing session
Bbharathrao.wordpress.com Audit of DR/BR plan • Based on the BIA • Key employees have participated in the development • Plan is simple and is realistic in assumptions • Review the existing DR/BR plan • Gather background info regarding its preparation • Does the DR/BR plan include provisions for personnel, building, utilities and transportation and IT • Does the BR/DR plan include contact details of of suppliers of essential equipment • Does the DR/BR plans include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly
Bbharathrao.wordpress.com Sources • ISCA Study Material – Volume 1 – ICAI Publication • Comprehensive Guide on Information Systems Audit – Volume II – Commissioned by IT Committee of ICAI • Guide to Implementing Enterprise Risk Management – Internal Standards Board - ICAI • Information Systems Control Audit – Prof.Jignesh Chhedda – VORA Book Agency
Bbharathrao.wordpress.com Thanks Bharath Rao B +919611319421 b.bharath.r@gmail.com /bharathraob Bbharathrao.wordpress.com

More Related Content

PPTX
Business continuity
byAlka Mehar
 
PPTX
Business Continuity Planning Presentation
byThe Chamber For a Greater Chapel Hill-Carrboro
 
PPT
What is business continuity planning-bcp
byAdv Prashant Mali
 
PPT
Business Continuity Planning Presentation Overview
byBob Winkler
 
PPTX
Bcp
bymadunix
 
PPTX
Business Continuity Management
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PPTX
Business continuity planning and disaster recovery
byKrutiShah114
 
PDF
Introduction to Business Continuity Management
byProf. David E. Alexander (UCL)
 
Business continuity
byAlka Mehar
 
Business Continuity Planning Presentation
byThe Chamber For a Greater Chapel Hill-Carrboro
 
What is business continuity planning-bcp
byAdv Prashant Mali
 
Business Continuity Planning Presentation Overview
byBob Winkler
 
Bcp
bymadunix
 
Business Continuity Management
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Business continuity planning and disaster recovery
byKrutiShah114
 
Introduction to Business Continuity Management
byProf. David E. Alexander (UCL)
 

What's hot

PPT
What’s & Why’s of Business Continuity Planning (BCP)
byCBIZ, Inc.
 
PPTX
Business Continuity Planning
bygcleary
 
PPTX
Business continuity & disaster recovery planning (BCP & DRP)
byNarudom Roongsiriwong, CISSP
 
PDF
Business continuity management system
bysubbusai82
 
PDF
Business Continuity Planning
byalanlund
 
PPTX
Business Continuity Management
byDiane Christina
 
PPT
Business Continuity Workshop Final
byBill Lisse
 
PDF
Developing and Managing Business Continuity Plan (BCP)
byGoutama Bachtiar
 
PDF
Business Continuity Management
byECC International
 
PDF
Business Continuity Planning
byJohn Wilson
 
PPTX
Risk and Business Continuity Management
byContinuity and Resilience
 
PPTX
Business Continuity & Disaster Recovery
byEC-Council
 
PPT
Disaster Recovery Plan for IT
byhhuihhui
 
PPSX
BCMS Presentation1
bybarbytee
 
PPT
BUSINESS CONTINUITY PLANNING
byHealth Informatics New Zealand
 
PDF
Disaster Recovery Planning
byJohn Wilson
 
PPTX
Business continuity & Disaster recovery planing
byHanaysha
 
PDF
Building a business impact analysis (bia) process a hands on blueprint
byluweinet
 
PPTX
Disaster Recovery Plan / Enterprise Continuity Plan
byMarcelo Silva
 
PPT
Business Impact Analysis
bydlfrench
 
What’s & Why’s of Business Continuity Planning (BCP)
byCBIZ, Inc.
 
Business Continuity Planning
bygcleary
 
Business continuity & disaster recovery planning (BCP & DRP)
byNarudom Roongsiriwong, CISSP
 
Business continuity management system
bysubbusai82
 
Business Continuity Planning
byalanlund
 
Business Continuity Management
byDiane Christina
 
Business Continuity Workshop Final
byBill Lisse
 
Developing and Managing Business Continuity Plan (BCP)
byGoutama Bachtiar
 
Business Continuity Management
byECC International
 
Business Continuity Planning
byJohn Wilson
 
Risk and Business Continuity Management
byContinuity and Resilience
 
Business Continuity & Disaster Recovery
byEC-Council
 
Disaster Recovery Plan for IT
byhhuihhui
 
BCMS Presentation1
bybarbytee
 
BUSINESS CONTINUITY PLANNING
byHealth Informatics New Zealand
 
Disaster Recovery Planning
byJohn Wilson
 
Business continuity & Disaster recovery planing
byHanaysha
 
Building a business impact analysis (bia) process a hands on blueprint
byluweinet
 
Disaster Recovery Plan / Enterprise Continuity Plan
byMarcelo Silva
 
Business Impact Analysis
bydlfrench
 

Viewers also liked

PDF
Business Continuity Plan
byPlash Chowdhary
 
PPTX
Business continuity overview slideshare
byChris Greenhill
 
PPTX
The A to Z Guide to Business Continuity and Disaster Recovery
bySirius
 
PPT
Disaster Recovery Presentation
byTimSchaefer
 
PPTX
An Introduction to Disaster Recovery Planning
byNEBizRecovery
 
PDF
ISO 22301: The New Standard for Business Continuity Best Practice
byMissionMode
 
PDF
Business Continuity Planning Seminar
bycmckinney
 
PPTX
Toward an organizational E-readiness Model
byaqel aqel
 
PDF
Bcp drp
byaqel aqel
 
PPT
Business continuity planning
bySandeep Kashyap
 
PPTX
BCI Guidelines & Horizon Scan 2016
byChristopher Rivera
 
PPT
Experts Exchange - Disaster Recovery & Business Continuity Planning
byExperts Exchange
 
PPTX
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
byContinuity and Resilience
 
PPT
Business Continuity Plan (Introduction)
byHafiza Abas
 
Business Continuity Plan
byPlash Chowdhary
 
Business continuity overview slideshare
byChris Greenhill
 
The A to Z Guide to Business Continuity and Disaster Recovery
bySirius
 
Disaster Recovery Presentation
byTimSchaefer
 
An Introduction to Disaster Recovery Planning
byNEBizRecovery
 
ISO 22301: The New Standard for Business Continuity Best Practice
byMissionMode
 
Business Continuity Planning Seminar
bycmckinney
 
Toward an organizational E-readiness Model
byaqel aqel
 
Bcp drp
byaqel aqel
 
Business continuity planning
bySandeep Kashyap
 
BCI Guidelines & Horizon Scan 2016
byChristopher Rivera
 
Experts Exchange - Disaster Recovery & Business Continuity Planning
byExperts Exchange
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
byContinuity and Resilience
 
Business Continuity Plan (Introduction)
byHafiza Abas
 

Similar to Business Continuity Planning

PPT
Disaster Biz Resumpt
byJimGroark
 
PPT
Business continuity and disaster recovery
byAdeel Javaid
 
PPT
IT Business Continuity Planning 2004
byDonald E. Hester
 
PPT
Disaster recovery presentation for the servers
byJohnsonPackiyaraj1
 
ODP
Cissp Week 24
byjemtallon
 
PPTX
Building a Business Continuity Capability
byRod Davis
 
PPTX
Risk crisis nad management
byPasangdolmoTamang
 
PPT
Drp For Menora
byPini Cohen
 
PPT
Apdip disaster mgmt
bysrinivasan gopalan
 
ODP
Network Admin D R P
bycolmbennett
 
PPSX
Don’t wait for Disaster to Strike! Be Prepared with Business Continuity Plans
bySRIIA Technologies, Inc.
 
PPT
Misd chap 12 disaster recovery
byEdiey Smile
 
PPT
009.itsecurity bcp v1
byMohammad Ashfaqur Rahman
 
PPT
Risk Based Approach To Recovery And Continuity Management John P Morency
byjmorency1952
 
PPT
Disaster Recovery NTC 2010
byAbila
 
PPTX
Ultan kinahan dr - minasi 2010
byNathan Winters
 
PDF
OSBConf 2016: Building a Business Continuity Plan with Bareos and Rear - by G...
byNETWAYS
 
PDF
Business Continuity Planning with Bareos and rear (Loadays 2015)
byGratien D'haese
 
PDF
Business continuity & disaster recovery
byGeorge Coutsoumbidis
 
PPTX
Business continuity
byabhijeethele15
 
Disaster Biz Resumpt
byJimGroark
 
Business continuity and disaster recovery
byAdeel Javaid
 
IT Business Continuity Planning 2004
byDonald E. Hester
 
Disaster recovery presentation for the servers
byJohnsonPackiyaraj1
 
Cissp Week 24
byjemtallon
 
Building a Business Continuity Capability
byRod Davis
 
Risk crisis nad management
byPasangdolmoTamang
 
Drp For Menora
byPini Cohen
 
Apdip disaster mgmt
bysrinivasan gopalan
 
Network Admin D R P
bycolmbennett
 
Don’t wait for Disaster to Strike! Be Prepared with Business Continuity Plans
bySRIIA Technologies, Inc.
 
Misd chap 12 disaster recovery
byEdiey Smile
 
009.itsecurity bcp v1
byMohammad Ashfaqur Rahman
 
Risk Based Approach To Recovery And Continuity Management John P Morency
byjmorency1952
 
Disaster Recovery NTC 2010
byAbila
 
Ultan kinahan dr - minasi 2010
byNathan Winters
 
OSBConf 2016: Building a Business Continuity Plan with Bareos and Rear - by G...
byNETWAYS
 
Business Continuity Planning with Bareos and rear (Loadays 2015)
byGratien D'haese
 
Business continuity & disaster recovery
byGeorge Coutsoumbidis
 
Business continuity
byabhijeethele15
 

More from Bharath Rao

PPTX
AI Unpacked: Unlocking AI's True Potential
byBharath Rao
 
PPTX
Let the games begin - Insights into the Gaming Industry
byBharath Rao
 
PDF
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
byBharath Rao
 
PPTX
Going global while being local
byBharath Rao
 
PDF
The Next Gen Auditor - Auditing through technological disruptions
byBharath Rao
 
PPTX
Big data, Machine learning and the Auditor
byBharath Rao
 
PPTX
Base Erosion and Profit Shifting
byBharath Rao
 
PPTX
Chartered Accountant going Global
byBharath Rao
 
PPTX
Forex markets
byBharath Rao
 
PPTX
Internal Controls over Financial Reporting in the Indian Context
byBharath Rao
 
PPTX
Big Data Analytics and a Chartered Accountant
byBharath Rao
 
DOCX
IS Audits and Internal Controls
byBharath Rao
 
DOCX
Cloud Computing - Emerging Opportunities in the CA Profession
byBharath Rao
 
DOCX
Internal Controls over Indian Financial Reporting
byBharath Rao
 
DOCX
Big data - The next best thing
byBharath Rao
 
PPTX
Physical and logical access controls - A pre-requsite for Internal Controls
byBharath Rao
 
PPTX
Standards of Auditing - Introduction and Application in the Indian Context
byBharath Rao
 
PPTX
Life of the software - SDLC
byBharath Rao
 
DOCX
The CIA Triad - Assurance on Information Security
byBharath Rao
 
PPTX
IS Audit and Internal Controls
byBharath Rao
 
AI Unpacked: Unlocking AI's True Potential
byBharath Rao
 
Let the games begin - Insights into the Gaming Industry
byBharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
byBharath Rao
 
Going global while being local
byBharath Rao
 
The Next Gen Auditor - Auditing through technological disruptions
byBharath Rao
 
Big data, Machine learning and the Auditor
byBharath Rao
 
Base Erosion and Profit Shifting
byBharath Rao
 
Chartered Accountant going Global
byBharath Rao
 
Forex markets
byBharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
byBharath Rao
 
Big Data Analytics and a Chartered Accountant
byBharath Rao
 
IS Audits and Internal Controls
byBharath Rao
 
Cloud Computing - Emerging Opportunities in the CA Profession
byBharath Rao
 
Internal Controls over Indian Financial Reporting
byBharath Rao
 
Big data - The next best thing
byBharath Rao
 
Physical and logical access controls - A pre-requsite for Internal Controls
byBharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
byBharath Rao
 
Life of the software - SDLC
byBharath Rao
 
The CIA Triad - Assurance on Information Security
byBharath Rao
 
IS Audit and Internal Controls
byBharath Rao
 

Recently uploaded

PDF
17 Guide to Buying Verified Binance Accounts in the US.pdf
byhttps://pvaisback.com/product/buy-old-gmail-accounts/
 
DOCX
How To Buy LinkedIn Accounts – 100% PVA, Aged & Bulk..docx
byhttps://pvaallit.com/product/buy-old-gmail-accounts/
 
PDF
How to Buy Old Gmail Accounts – Verified & Secure.pdf
bymarketing
 
PDF
enterprise software is not dead and here is why
bywangbin26
 
PDF
Kirill Klip GEM Royalty TNR Gold Lithium Presentation
byKirill Klip
 
PDF
Buy Proton Mail Accounts _ Secure Email Accounts In 2026.pdf
byhttps://pvaallit.com/product/buy-verified-apple-pay-accounts/
 
PDF
_The Ultimate Guide to Buying Twitter Accounts Safely.pdf
byp7u0tz3g7favwxkjrlwm
 
PDF
Camil Institutional Presentation_Dez25.pdf
byCAMILRI
 
PDF
Benefits Quarterly, Vol. 37, Fourth Quarter 2021.pdf
byHenry Tapper
 
PDF
Vision.pdf TPR document on trusteeship and governance
byHenry Tapper
 
PDF
_5 Trusted Strategies to Buy Verified Wise Accounts Safely & Legally.pdf
byBuy Verified Wise Accounts
 
PDF
Top 1 0 Websites to Buy Verified Transfer Remitly Accounts ....pdf
byBusiness
 
PPTX
Keynote: The Modern CMO: Architect of Growth. Guardian of Credibility.
byArmis Inc
 
PDF
Best Top 3 Sites to Buy Google Reviews (5-Star & Non-Drop).pdf
byhttps://pvaallit.com/product/buy-google-5-star-reviews/
 
PDF
BendelPuertoRicoCubaGuyanaVenezuelaPetroleumRefineryPetrochemicalPetroAgroInd...
byOsaJOkundayeODMDFAAO
 
PDF
Equinox Gold - January Investor Presentation.pdf
byEquinox Gold Corp.
 
PDF
Best 9 Sites to Buy Hotmail Accounts (Aged & PVA).pdf
byhttps://pvaallit.com/product/buy-google-5-star-reviews/
 
PPTX
PDYN Investor Presentation - January 2026.pptx
byPalladyne AI
 
DOCX
Fast Delivery of Real Buy Twitter Accounts Available in 2026.docx
byBusiness
 
PDF
Nicky Oppenheimer World Economic Forum Jan 2000
byJames AH Campbell
 
17 Guide to Buying Verified Binance Accounts in the US.pdf
byhttps://pvaisback.com/product/buy-old-gmail-accounts/
 
How To Buy LinkedIn Accounts – 100% PVA, Aged & Bulk..docx
byhttps://pvaallit.com/product/buy-old-gmail-accounts/
 
How to Buy Old Gmail Accounts – Verified & Secure.pdf
bymarketing
 
enterprise software is not dead and here is why
bywangbin26
 
Kirill Klip GEM Royalty TNR Gold Lithium Presentation
byKirill Klip
 
Buy Proton Mail Accounts _ Secure Email Accounts In 2026.pdf
byhttps://pvaallit.com/product/buy-verified-apple-pay-accounts/
 
_The Ultimate Guide to Buying Twitter Accounts Safely.pdf
byp7u0tz3g7favwxkjrlwm
 
Camil Institutional Presentation_Dez25.pdf
byCAMILRI
 
Benefits Quarterly, Vol. 37, Fourth Quarter 2021.pdf
byHenry Tapper
 
Vision.pdf TPR document on trusteeship and governance
byHenry Tapper
 
_5 Trusted Strategies to Buy Verified Wise Accounts Safely & Legally.pdf
byBuy Verified Wise Accounts
 
Top 1 0 Websites to Buy Verified Transfer Remitly Accounts ....pdf
byBusiness
 
Keynote: The Modern CMO: Architect of Growth. Guardian of Credibility.
byArmis Inc
 
Best Top 3 Sites to Buy Google Reviews (5-Star & Non-Drop).pdf
byhttps://pvaallit.com/product/buy-google-5-star-reviews/
 
BendelPuertoRicoCubaGuyanaVenezuelaPetroleumRefineryPetrochemicalPetroAgroInd...
byOsaJOkundayeODMDFAAO
 
Equinox Gold - January Investor Presentation.pdf
byEquinox Gold Corp.
 
Best 9 Sites to Buy Hotmail Accounts (Aged & PVA).pdf
byhttps://pvaallit.com/product/buy-google-5-star-reviews/
 
PDYN Investor Presentation - January 2026.pptx
byPalladyne AI
 
Fast Delivery of Real Buy Twitter Accounts Available in 2026.docx
byBusiness
 
Nicky Oppenheimer World Economic Forum Jan 2000
byJames AH Campbell
 

Business Continuity Planning

  • 1.
    BUSINESS CONTINUITY PLANNING /DISASTER RECOVERY PLANNING Bbharathrao.wordpress.com
  • 2.
    Bbharathrao.wordpress.com Business Continuity Plan BCPis the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.
  • 3.
  • 4.
  • 5.
  • 6.
    Bbharathrao.wordpress.com Objectives Goals Areas Minimizeloss by Minimizing the cost associated with disruptions Identify weaknesses Business Resumption Planning Enable the Organization to survive a disaster Minimize the duration of a serious disruption to b/s operations Disaster Recovery Planning Facilitate effective co-ordination of recovery tasks Crisis Management Reduce the complexity of the recovery effort
  • 7.
  • 8.
    Bbharathrao.wordpress.com Initiate Obtain understanding ofthe existing and projected systems Establish a ‘Steering Committee’ Develop a Master Schedule and milestones
  • 9.
  • 10.
    Bbharathrao.wordpress.com Choose Recovery Strategy PlanDevelopment • Determine all available options and strategies • Business – Logistics, HR, Accounting • Technical – IT (Client – Server, Mainframes, Databases, Networks Identify Recovery Strategy • Recovery plan components and standards are defined, developed and documented • Define notification procedures • Establish Business recovery teams for each CBS
  • 11.
    Bbharathrao.wordpress.com Test and Validate •Validate the BCP • Develop and document contingency test plans • Prepare and execute tests • Maintenance • Update disaster recovery plans and procedures
  • 12.
  • 13.
    Bbharathrao.wordpress.com Differentiation of BCPand DRP Business Continuity Plan: It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity. It addresses the recovery of a company’s critical business functions after an interruption Disaster Recovery Plan: It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function
  • 14.
    Bbharathrao.wordpress.com Types of DisasterRecovery Plans Emergency Plan Backup Plan It specifies actions to be undertaken when the disaster happen It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame Identification of situations which requires plan to be invoked It needs continuous updates as changes occur
  • 15.
    Bbharathrao.wordpress.com Types of DisasterRecovery Plans Recovery Plan Test Plan It specifies procedures to restore full information system capabilities Final Component Formation of a recovery committee, specify responsibilities and guidelines for proper functioning Identification of deficiencies in the emergency, backup or recovery plans or tin the preparation of an organization for facing a disaster
  • 16.
    Bbharathrao.wordpress.com Threats and RiskManagement •Lack of Integrity •Lack of Confidentiality •Unauthorized Access •Hostile Software •Disgruntled Employees •Hackers and computer crimes •Terrorism and Industrial espionage
  • 17.
    Bbharathrao.wordpress.com Types of Backup FullBackup Incremental Backup Differential Backup Mirror Backup IT captures all files on the disk or within the folder selected for backup It captures files that were created or changed since the last backup, regardless the backup type It stores files that have changed since the last full backup. It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password
  • 18.
    Bbharathrao.wordpress.com Alternative Processing Facility Arrangements Itis useful when the organization can tolerate some downtime Organization requires minimum facilities at an alternative location to run its regular operations It is inexpensive Cold site Useful when fast recovery is critical Organization requires all the facilities at an alternative location It is expensive Hot site
  • 19.
    Bbharathrao.wordpress.com Provides intermediate level ofbackup Organization can tolerate some downtime Organization requires only essential facilities at an alternative location Warm Site Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster It is relatively cheap Each participant must maintain sufficient capacity to operate another’s critical system Reciprocal Agreement Alternative Processing Facility Arrangements
  • 20.
    Bbharathrao.wordpress.com Insurance • The purposeof insurance is to spread the economic cost and risk loss from an individual or business to a large number of people. • Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange of a premium • Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis
  • 21.
    Bbharathrao.wordpress.com Activities considered while testingBRP/DRP plan • Defining the boundaries • Scenario • Test Criteria • Assumptions • Briefing Session • Checklists • Analysing the test • Debriefing session
  • 22.
    Bbharathrao.wordpress.com Audit of DR/BRplan • Based on the BIA • Key employees have participated in the development • Plan is simple and is realistic in assumptions • Review the existing DR/BR plan • Gather background info regarding its preparation • Does the DR/BR plan include provisions for personnel, building, utilities and transportation and IT • Does the BR/DR plan include contact details of of suppliers of essential equipment • Does the DR/BR plans include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly
  • 23.
    Bbharathrao.wordpress.com Sources • ISCA StudyMaterial – Volume 1 – ICAI Publication • Comprehensive Guide on Information Systems Audit – Volume II – Commissioned by IT Committee of ICAI • Guide to Implementing Enterprise Risk Management – Internal Standards Board - ICAI • Information Systems Control Audit – Prof.Jignesh Chhedda – VORA Book Agency
  • 24.

Editor's Notes

  • #2 What would have happened if Facebook is hacked? Imagine you are the creator of facebook – mark zukerbergExtent of disaster and time taken to continue the businessControls of last resort
  • #3 Planning is an activity performed before the disaster occurs Disaster is an Resulting outrage from disaster can have serious effects on the viability of firm’s operations, profitability, quality of service and convenienceDue to inadequate planningUnderstanding risks to operations and the measures that can minimize the risks and formulate DRP/BCPTake examples of fb disaster. Also quote twitter disaster too
  • #5 The whole presentation in a nutshellBasically the steps involved in formulating a BCPInitiate Perform Risk Assessment  Choose Recovery Strategy  Test and Validate
  • #7 Objectives:Primary Objective – Minimize loss……. – Minimize costs  Planning(assessing risks), Minimizing Losses that ariseEnable organization to survive a disaster – Assure that critical operations can resume normal processing within a reasonable time frame.
  • #9 Understand the core and critical business processes and forecasted processesSteering Committee has a overall responsibility for providing direction and guidance to the bcp teamNext is Risk assessment
  • #10 Similar to SA:315 and SA:330 but those relates to Financial statements of a entityRisks refer to those uncertanities of outcome, whether an opportunity or threat, arising out of actions and events or they are those uncertanities which impede the achievement of the objectiveA thorough assessment of the system’s security and communication environment should be completed including personnel practices; physical security; operating procedures; backup and contingency planning; systems development and maintenance; database security etcBIA helps to understand the degree of potential loss which could occur. This would also include issues as reputation damage, regulatory effects etc
  • #11 Plan Development tasks would include identification of:Organizational risks, CBS, risks w.r.t terms of outrage and financial impactIdentify maximum allowable downtime, type and quantity of resources required for recoveryCan be done through: questionnaires, workshops, interviews, examination of documentsHave a detailed definition of requirements – develop a profile of recovery requirements – software, hardware, documents(user, procedures), outside support (public network), personnel
  • #12 Goals are setAlternative testing strategies are evaluatedThere is no assurance that in the event when plan is activated, the organization would surviveEnsure that the recovery procedures are complete and workableCompetence of personnel and various resources function properly during recoverySuccess or failure of the business continuity training program is monitoredMaintenance of the plans is critical to the success of actual recoveryMust adapt to changes to the environmentRevisions should be made accordingly
  • #13 Start from Business Risk Impact Assessment
  • #17 Objective is to minimize threats Hence essential to evaluate potential threats to the systemIntergrity:
  • #21 Policies usually can be obtained to cover the following resourcesStorage mediaAccounts receivableFacilitiesEquipmentMalpractice, errorsValuable paper and recordsMedia transportationBusiness interruption
  • #22 Test boundaries are requied to satisfy the disaster recovery strategies. Management team must consider future test criteria to meet the end objectives. Opportunities to test actual recovery provcedures should be done wherever possibleSecnario: eg the scenario must outline what caused the disaster and the level of damage and whether or not anything can be salvaged purpose is to explain to all the participants the cause of the disaster and the planned recovery pointsTest criteria: Role of the observer is to give an unbiased view and to comment on the area of success or concern to assist in future testingAssumptions: eg all purchases (equipment, furniture etc) can be made in the recovery time requiredBriefing session: no matter is necessary. Boundaries are explained and opportunities to discuss any technical uncertanities are providedAnalysing the test: constructive analysis of each test and its result will lead to an effective recovery plan