Business Continuity Plan and Disaster Recovery Plan

Abdulrahim Al-Abri
OUTLINE
• Definitions
• BCP Phases
  • Project Management and Initiation
  • Conduct Business Impact Analysis
  • Recovery Strategies
  • Plan Design and Development
  • Testing, maintenance, awareness and training

DEFINITIONS
Business Continuity: can refer to a managed strategy covering the plans, procedures and technical controls that make recovery of IT systems, business operations, and data possible after a disruption.
• Recovery for:
  • IT operations in an alternative site.
  • IT operations using alternative hardware/software.
• BC standards: ISO 27002, ITIL, (ISC)², BS 25999, ISO/PAS 22399
BCP PHASES
• Project Management and Initiation
• Conduct Business Impact Analysis
• Recovery Strategies
• Plan Design and Development
• Testing, maintenance, awareness and training
PROJECT MANAGEMENT AND INITIATION
• Develop and approve the BCP policy
• Define the BCP committee: operational unit representatives, senior management, IT security, specialized IT experts, and optionally support units (such as technical affairs)
• Define the BCP project scope and objectives
• Provide the necessary project funds and resources

BUSINESS IMPACT ANALYSIS
• Collect data through interviews and surveys, documenting business functions, activities, and transactions
• Develop a hierarchy of business functions and apply a classification scheme to indicate each individual function's criticality level
• Identify the resources that these functions depend upon
• Calculate the Maximum Tolerable Downtime (MTD) for these functions
• Identify vulnerabilities and threats to these functions

BUSINESS IMPACT ANALYSIS CONT.
• Calculate risk for each business function
• Document findings and report them to management

RECOVERY STRATEGIES
• Business process recovery
• Facility recovery

Site           Cost         Hardware Equipment  Telecommunications  Setup Time  Location
Cold Site      Low          None                None                Long        Fixed
Warm Site      Medium       Partial             Partial/Full        Medium      Fixed
Hot Site       Medium/High  Full                Full                Short       Fixed
Mobile Site    High         Dependent           Dependent           Dependent   Not Fixed
Mirrored Site  High         Full                Full                None        Fixed
RECOVERY STRATEGIES CONT.
• Supply and technology recovery
  • Network and computer equipment
  • Voice and data communications resources
  • Human resources
  • Transportation of equipment and personnel
  • Environment issues (HVAC)
  • Data and personnel security issues
  • Supplies (paper, forms, cabling, and so on)
  • Documentation
• Data recovery
  • Restoring backed-up data
PLAN DESIGN AND DEVELOPMENT
• All findings and decisions should be developed and documented.
• The document is submitted for approval.
• This phase also defines the execution procedure for the plan.

TESTING, MAINTENANCE, AWARENESS AND TRAINING
• This step tests that your decisions are suitable and correct.
• Types of tests:
  • Checklist Test
  • Structured Walk-Through Test
  • Simulation Test
  • Parallel Test
  • Full-Interruption Test

TESTING, MAINTENANCE, AWARENESS AND TRAINING CONT.
• Maintaining the plan:
  • Make business continuity a part of every business decision.
  • Insert the maintenance responsibilities into job descriptions.
  • Perform internal audits that include disaster recovery and continuity documentation and procedures to update the plan.
  • Integrate the BCP into the change management process.
• A training and awareness program should be included in the BCP planning process.
QUESTIONS