Strategy documents that provide detailed procedures that ensure critical business functions are maintained and that help minimize losses of life, operations, and systems.
Business Continuity Plan (BCP) Contents
Procedures for emergency responses, extended backup operations, and post-disaster recovery.
Should reach enterprise-wide, with individual organizational units each having their own detailed continuity and contingency plans.
Requires senior executive management support for initiating the plan, final approval, budget support, and verifying testing phases are being carried.
Personnel turnover, reorganizations, and undocumented changes causes?
BCP to be outdated
Who is held liable if proper BCP's are not developed and used.
Natural - tornadoes, floods, hurricanes
Manmade - arsonist, terrorist, mistake
Technical - data corruption, device failure, communication line
Business Impact Analysis (BIA) Threats
Initiating the project; performing BIA; developing recovery strategy; developing recovery plan; implementing, testing, and maintaining the plan.
Steps for recovery planning
Requires getting management support, developing the scope of the plan, and securing funding and resources.
Project Initiation Phase
Most important first step in planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted, and presented to management.
Business Impact Analysis (BIA)
Executive commitment and support is critical to?
Present a business case explaining regulatory and legal requirements, exposing vulnerabilities, and providing solutions.
To gain executive support
Who should prepare the plans?
People who carry them out
Who should the planning group include?
Representatives from all departments or organization units
Who identifies the individuals who will interact with external entities such as the press, shareholders, customers, and civic officials. Response to the disaster should be done quickly, honestly, and should be consistent with any other employee response?
Should be brought into normal business decision making procedures?
Disaster recovery and continuity planning
Includes direct dollar loss, as well as added operational costs, loss in reputation and public confidence, loss of competitive advantage, violation of regulatory or legal requirements, loss in productivity, delayed income, interest costs, and loss in revenue.
Loss criteria for disasters
Why should a survey be developed and given to the most knowledgeable people within the company?
To obtain the most realistic information pertaining to a company's risk and recovery procedures.
Determined by geographical, organization, or functional means.
Needs to be understood so it can be replicated at an alternate site after a disaster.
Types of offsite facilities that include the following: Hot, warm, or cold sites
Agreement in which a company promises another company it can move in and share space if it experiences a disaster and vice versa.
Tricky to implement, unenforceable. But, cheap and sometimes the only choice.
Site that is fully configured with hardware, software, and environmental needs. Can be up and running in hours, most expensive option.
Site that dos not have computers, but it dos have some peripheral devices such as disk drives, controllers, and tape drives. Less expensive than a hot site, but takes more effort and time to get operational. Most common type of subscription based facility.
Site that is just a building with power, raised floors, and utilities. No devices are available. Cheapest option, can take weeks to get up and operational. Testing this facility is extremely hard.
When restoring operations to the original site after a disaster, which operations should go back first?
Least critical organizational units
Communicating its requirements and procedures to all employees?
Important part of disaster recovery and continuity plan.
Demonstrate the actual ability to recover and can verify the compatibility of backup facilities?
Testing, drills, and exercises
When should there be a clear indication of what is being tested, how success will be determined, and how mistakes should be expected and dealt with?
When preparing for a test
Test in which copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Test in which representatives from each function area or department get together and walk through the plan from beginning to end?
Structured Walk-through Test
Test in which a practice execution of the plan takes place. Specific scenario is established, and the test continues up to the point of actual relocation to the alternate site.
Test in which some systems are actually running at the alternate site.
Test in which regular operations are stopped and where processing is moved to the alternate site.
An automatic function that sends the journal or transaction logs of the backed up files to an offsite to a backup facility.
How often should a BCP plan be tested?
At least once a year; and when substantial changes to the company or environment occur.
Important steps to address during a test recovery procedure
Maintain records of important events that happened during the procedure, and report those events to management.
Identifying the company's key functions, identifying the critical systems, estimating the potential loss and impact to the company.
Core components of a BIA.
Prevent loss of life and mitigate further damage.
Main goal of disaster recovery and business continuity planning.
To test backup tapes, which backup site option would require them to be brought to the original site for testing?
Warm Site - Original systems are moved to backup location, or duplicate systems are purchased.
Facility that should not be close to the main data center, and have the same security standards as the main data center.
Facility that stores the backup tapes
Who has the final approval of the BCP?
What is the most crucial piece of developing a business continuity plan?
Development, maintenance, and testing of a plan should require a high degree of what? This spreads awareness of these plans and their contents, allows discussion of possible threats and solutions, and improve the quality of the plan.
When is an emergency situation actually over?
All operations and people are moved back into the primary site.
Should contain information about how to deal with people, hardware, software, emergency procedures, recovery procedures, facility issues, and supplies.
Contents of a recovery plan
Estimated time frame between an unplanned interruption of business operations and the resumption of business at a reduced level of service that can be endured.
Maximum tolerable downtime
Continuity plan statement, BIA, Identify preventative controls, develop recovery strategies, develop BCP, exercise test drill, maintain BCP.
Components of developing a BCP.
After a disaster occurs, information should be prepared (by at least 2 people on the BCP team) to prevent rumors, ensure the media is reporting facts, and inform the public.
Reasons to inform the public and affected groups
System that is built for redundancy. It has two disks, both of which are written to simultaneously.
Member of the BCP team that will make insurance claims, assess damages, and estimate recovery costs.
Financial representative of the BCP team
NIST MDT Value for critical systems
Minutes to hours
NIST MDT Value for urgent systems
NIST MDT Value for important systems
NIST MDT Value for normal systems
NIST MDT Value for nonessential systems
Company owned off site facility
Type of automated data storage system that combines hard disk technology with the cheaper and slower optical or tape jukeboxes. Provides continuous online backup functionality.
Hierarchical Storage Management (HSM)
Type of storage that is made up of several storage systems that are connected together to form a single backup network. It allows for several systems to be connected to any storage device. Switching fabric allows for several devices to communicate with back-end storage devices and provides redundancy and fault tolerance by not depending on one line or connection.
Storage Area Network (SAN)
In the moments following a disaster, who should be called first?
Person designated in the continuity plan
Type of backup procedure that backs up only those files that have been modified since the previous backup of any sort. It does remove the archive attribute. Fastest to backup, slowest to restore because each backup of this type needs to be restored.
Type of backup procedure that backs up all files that have been modified since the last full backup. It does not remove the archive attribute.
Type of backup procedure that backs up all files, modified or not, and removes the archive attribute.
Business units of functions that must be present to sustain continuity of business, maintain life safety, and avoid public embarrassment.
Critical Support Areas
An automated way of sending files that have been modified to a remote location.
An event that affects a business for one day or longer?
A disaster that destroys a facility altogether is called a what? To resume operations, a short and long term solution must be developed.
Percentage of business that are truly prepared for a disaster?
Percentage of business that would go out of business if they were force to shut down operations for a one-week time frame?
An automated way of sending files over a serial line to a backup tape system at an offsite facility.
How many miles away from the primary site should the offsite facility be location?
The following represent what: Business, facility and supply, user, technical, data
BCP 5 Critical Resource Categories