Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Business Continuity Template

advertisement 
[INSERT PROJECT NAME]
B U S IN E S S C ON TIN U I TY PLA N
EXECUTIVE SPONSOR – [INSERT NAME]
BUSINESS OWNER - [INSERT NAME]
PROJECT MANAGER – [INSERT NAME]
ORIGINAL PLAN DATE: [INSERT DATE, SPELLED OUT]
REVISION DATE: [INSERT DATE, SPELLED OUT]
REVISION: [INSERT NUMBER]
Business Continuity
ABOUT THIS DOCUMENT
This document identifies ten (10) sections that describe the minimum requirements that an agency must
include as components of its IT Project Business Continuity Plan. Agencies should consider the
business continuity plan one portion of their overall IT Project planning. A full business continuity plan
includes emergency and disaster management, business resumption, and Operational Recovery
Planning.
As part of their IT Project planning, each lead agency is required to participate in operational recovery
planning processes to reduce the risks associated with unanticipated outages to the product that is the
goal of this project.
While this document is initiated in the plan phase when decisions may not have been made on the topics
covered in this plan, the document will be updated with each development phase and upon deployment of
the project’s final product, this plan will become part of the operations documentation transferred from the
project to the application’s operations management group.
Page 2 of 9
Business Continuity
REVISION HISTORY
REVISION NUMBER
DATE
COMMENT
1.0
August 14, 2007
Original DoIT PMO Document
Page 3 of 9
Business Continuity
ABOUT THIS DOCUMENT ........................................................................................................................................................... 2
REVISION HISTORY ..................................................................................................................................................................... 3
1.0 CRITICAL BUSINESS FUNCTIONS OF PROJECT AND ITS APPLICATION(S) ................................................................................ 5
2.0
AGENCY ADMINISTRATIVE INFORMATION....................................................................................................................... 5
2.1 AGENCY RESPONSIBILITY FOR THE CRITICAL BUSINESS FUNCTION AND THEIR IT OPERATIONS ........................................................................ 5
2.2 COMMUNICATIONS STRATEGY FOR INITIALIZING EMERGENCY RESPONSE .................................................................................................. 5
2.3 ADMINISTRATIVE RESPONSIBILITY FOR THIS BUSINESS CONTINUITY PLAN................................................................................................... 5
3.0
RECOVERY STRATEGY ....................................................................................................................................................... 6
3.1 SEVERITY IMPLEMENTATION ............................................................................................................................................................ 6
3.2 AGENCY POLICIES AND IT BUSINESS CONTINUITY STRATEGY ................................................................................................................... 6
4.0
BACKUP AND OFFSITE STORAGE POLICY AND PROCEDURES ............................................................................................. 6
5.0
OPERATIONAL RECOVERY PROCEDURES .......................................................................................................................... 7
5.1 DETAILED RECOVERY PROCEDURES ................................................................................................................................................... 7
6.0 DATA CENTER SERVICES ....................................................................................................................................................... 7
7.0
RESOURCE REQUIREMENTS ............................................................................................................................................. 7
7.1 NON-PERSONNEL RESOURCES ......................................................................................................................................................... 7
7.2 PERSONNEL RESOURCES ................................................................................................................................................................. 7
8.0
ASSIGNMENT OF RESPONSIBILITY ..................................................................................................................................... 8
9.0 CONTACT INFORMATION ..................................................................................................................................................... 8
9.1 AGENCY BUSINESS CONTINUITY CONTACTS ........................................................................................................................................ 8
9.2 VENDOR AND OTHER AGENCY CONTACTS........................................................................................................................................... 8
10.
TESTING ........................................................................................................................................................................... 9
Page 4 of 9
Business Continuity
1.0 CRITICAL BUSINESS FUNCTIONS OF PROJECT AND ITS
APPLICATION(S)
This section should address the planning requirements for business continuity of the critical business
functions of the project’s outcome, and the maximum time period that the project needs to account for after
which these critical business functions will be impacted.
Critical Business
Functions
Project Aspects
Supporting These
Functions
Maximum Acceptable
Outage Time
Recovery Priorities
2.0 AGENCY ADMINISTRATIVE INFORMATION
2.1 AGENCY RESPONSIBILITY FOR THE CRITICAL BUSINESS FUNCTION AND
THEIR IT OPERATIONS
This section should include a description of the agency’s mission, including the organizational, managerial
and technical environments, as related to the project’s product deliverable.
Business Continuity planning should include the relevant organization charts of responsibility for IT
operations and the critical business functions supported by this project’s product deliverable.
2.2 COMMUNICATIONS STRATEGY FOR INITIALIZING EMERGENCY
RESPONSE
This section should outline a communication strategy noting information flow, decision making, and
interrelationship among agency core resources for response, recovery and resumption.
2.3 ADMINISTRATIVE RESPONSIBILITY FOR THIS BUSINESS CONTINUITY
PLAN
Page 5 of 9
Business Continuity
An executive summary that serves as a guide to the structure of the plan, the procedures for updating and
maintenance of the plan and the distribution of the plan The plan must include a description of the agency’s
test and awareness programs.
3.0 RECOVERY STRATEGY
3.1 SEVERITY IMPLEMENTATION
A description of the portions of the plan that will be implemented based on various levels of incident
severity, for example, minor interruption of service, total service failure or loss of facility. Recovery
strategies should be built to accommodate a worst case scenario, loss of service and facility.
Severity
Power Outage
Total Equipment Failure
Loss of Data Center Facility
Impacts
Response
3.2 AGENCY POLICIES AND IT BUSINESS CONTINUITY STRATEGY
This section should include a description of the recovery strategy that supports the agency’s critical
application priorities, including identification and evaluation of alternative recovery strategies. Will the
agency sustain critical business functions manually until the applications are recovered? Does the agency
contract with an outside source for recovery services? Will the agency’s information technology
infrastructure be rebuilt at another location? Will a hot or cold site be used?
Alternate recovery sites should be detailed within the plan that includes location, contact numbers and the
type of facilities/equipment that will be available.
4.0 BACKUP AND OFFSITE STORAGE POLICY AND PROCEDURES
Backup and retention schedules and procedures are critical to the recovery of an agency’s applications and
data.
Hardware
Software (including version),
Data file back-up and retention schedules
Off-site storage details
Contact and authority designation for personnel to
retrieve media.
Page 6 of 9
Business Continuity
5.0 OPERATIONAL RECOVERY PROCEDURES
This section systematically details the operational procedures that will allow recovery to be achieved in a
timely and orderly way.
5.1 DETAILED RECOVERY PROCEDURES
Detailed recovery procedures (including manual processes) that support the agency’s recovery strategy and
provide for the recovery of critical applications within the established maximum acceptable outage time
frames. Included would be the process for recovering the critical data-processing activities, application and
data recovery, and the process for suspending non-critical activities and any relocation to an interim (backup) processing site.
The procedures should be detailed enough so that another trained information technology professional
would be able to recover the agency’s infrastructure should those with primary responsibility be unavailable
during the recovery process. Include a high-level network diagram that includes all critical applications.
6.0 DATA CENTER SERVICES
For agencies using the services of a data center, a description of data center services that will be provided
during recovery must be documented.
Include information on any interagency agreements, memorandums of understanding or contracts.
If specific coordination of efforts with the data center is critical to the agency’s recovery, those procedures
should be included within Section 5 above.
7.0 RESOURCE REQUIREMENTS
7.1 NON-PERSONNEL RESOURCES
A comprehensive list of the equipment, space, telecommunication needs, data, software, hard-copy
references (forms and procedures) and personnel necessary for recovery is essential.
7.2 PERSONNEL RESOURCES
Identification of resources that will be available at an alternate site should also be documented.
Page 7 of 9
Business Continuity
8.0 ASSIGNMENT OF RESPONSIBILITY
Distinct management and staff assignment of responsibilities must be clearly designated within the business
continuity plan. Within procedures, job titles (rather than the names of individuals) should be used to assign
responsibility as it lessens maintenance on procedures as staffing changes.
Procedures
Job Titles
9.0 CONTACT INFORMATION
9.1 AGENCY BUSINESS CONTINUITY CONTACTS
Separate contact lists should include the names of individuals, job title and contact information.
Name
Job Title
Phone
Cell Phone
Other
9.2 VENDOR AND OTHER AGENCY CONTACTS
Contact lists for vendors, other government entities, and outside resources critical to the agency’s
recovery process.
Name
Job TitleOrganization
Page 8 of 9
Phone
Cell Phone
Other
Business Continuity
10. TESTING
A description of the annual operational recovery test(s) to be performed, including how the test(s) are to be
conducted, high level timeframes for each test, and the level of testing appropriate to the complexity of the
system(s), program(s), process(es) or organization(s) being recovered. Examples of testing may include
tabletop exercises, data recovery testing, forced testing (actual recovery due to an unplanned outage or
failure), and/or full plan testing.
Page 9 of 9
Related documents
Unit 10: Course Summary and Final Exam
Unit 10: Course Summary and Final Exam
Continuity Formal Approach
Continuity Formal Approach
Lecture 7 - mh-lectures.co.uk
Lecture 7 - mh-lectures.co.uk
Continuity of Operations Planning Training Recommendations Lee
Continuity of Operations Planning Training Recommendations Lee
Battle Box - ABC Solutions
Battle Box - ABC Solutions
Business Continuity Management
Business Continuity Management
Digital Continuity Framework Supplier Project Assessment
Digital Continuity Framework Supplier Project Assessment
02 2009 BCP Template, Coordinator
02 2009 BCP Template, Coordinator
Spring Break Homework
Spring Break Homework
Download
advertisement