CIS 502 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Topics: Business continuity planning, Disaster recovery, Project management Pages: 10 (1114 words) Published: June 7, 2015
Business Continuity and Disaster Recovery Planning

Definition
• Disaster: a natural or man-caused event that damages property and assets, injures or kills people, and impairs the ability of organizations to continue operating.
• Business Continuity Planning: the set of activities required to ensure the continuation of critical business processes when a disaster occurs.
• Disaster Recovery Planning: the set of activities concerned with the assessment, salvage, repair, and restoration of damaged facilities and assets that support critical business processes.

Two Main Categories of Disaster
• Natural Disasters
  • Geological
  • Meteorological
  • Other
  • Health
• Man-Made Disasters
  • Labor
  • Social-Political
  • Material
  • Utilities

How Do Disasters Affect Business?
• Direct Damage
• Transportation
  • Supply Disruption
  • Customer Disruption
  • Employee Disruption
• Communication
• Utilities

Contingency Planning Process

High Level Contingency and Disaster Recovery Planning Strategy
• Develop the Business Contingency Planning Policy and Business Process Priorities
• Conduct a Risk Assessment
• Conduct the Business Impact Analysis (BIA)
• Develop Business Continuity and Recovery Strategies
• Develop Business Continuity Plans
• Conduct awareness, testing, and training of the DRP
• Conduct Disaster Recovery Plan maintenance and exercise
• Identify business processes

Industry Standards
• ISO 27001: Requirements for Information Security Management Systems. Section 14 addresses business continuity management.
• ISO 27002: Code of Practice for Business Continuity Management.

Industry Standards
• NIST 800-34
  • Contingency planning guide for information technology systems.
  • Seven-step process for BCP and DRP projects.
  • From U.S. National Institute for Standards and Technology.
• NFPA 1600
  • Standard on Disaster/Emergency management and business community program.
  • From U.S. National Fire Protection Association.

Industry Standards
• NFPA 1620: The recommended practice for Pre-incident planning.
• HIPAA: Requires a documented and tested disaster recovery plan.
  • U.S. Health Insurance Portability and Accountability Act.

Why BCP/DRP and BCP/DRP Project
• The goal of BCP/DRP is not prevention of the disaster itself.
• BCP/DRP is about:
  • Continuation of critical business processes when a disaster destroys data processing capabilities
  • Preparation, testing and maintenance of specific actions to recover normal processing
• BCP/DRP is an ongoing project; it is not a project with a beginning and an end.
• Creating a BCP/DRP requires:
  • Support of senior management
  • Inclusion of both business and IT personnel

BCP/DRP Project
PRE-PROJECT ACTIVITY:
• Obtaining executive support
  • Because BCP/DRP is resource intensive, budget, staffing, and year-to-year support for the maintenance of the plan are necessary. This is secured by obtaining executive support.
• Formally defining the scope of the project
  • Defines what parts of the organization are included in the project and what parts are excluded from the project.
• Choosing project team members
  • In choosing a project team there should be a balance between getting good talent for the project team and maintaining enough support for day-to-day operations.
• Developing a project charter
  • This is where preparation items are documented prior to the actual start of the project. It should contain:
    • Purpose of the BCP/DRP project
    • Executive sponsorship
    • Scope
    • Budget
    • Principal team members

BCP/DRP Project
There are five phases in developing a BCP/DRP project:
• Project management & initiation
  • Establish needs and work plan, and get management support and approval
• Business Impact Analysis (BIA)
  • Analysis of the criticality of each of the organization's business processes, and obtaining formal agreement with senior...

References: Gregory, P. (2010). CISSP Guide to Security
Essentials
DHS (2012). Business Continuity Plan. Last updated
on 12/19/2012 Retrieved on 07/20/2014 from
FEMA (2012). Continuity of Operations. Retrieved on
07/20/2014 from
July 22, 2014, from http://www.sans.org/readingroom/whitepapers/recovery/disaster-recovery-plantesting-cycle-plan-plan-cycle-563