360

360


BUSINESS CONTINUITY & DISASTER RECOV
ERY PLANNING



BCP DRP

BCP

BCP
BCP

BIA

DRP
DRP


A.
A.1

B.
B.1
B.2
B.3
B.4

C.
C.1
C.2

D.
D.1
D.2
D.3
D.4
D.5
D.6

E.


Disaster

Natural Earthquakes Floods

Storms Volcanic Eruptions
National Fires

/ System/Technical ,
Outages / Errors

Supply Systems Power

Distribution Burst Pipes

Man-Made Explosions Fires

Purposeful Destruction Aircraft
Crashes Hazardous Spills
Chemical Contamination Malicious Code

Political Terrorist Attacks

Riots Strikes

BCP
Business Continuity
Plan BCP

IT
/
BCP

/ Business
Recovery/Resumption Plan BRP

BCP
BRP
BCP BRP
BCP

BCP
Continuity of Operations
Plan COOP

30
COOP BCP
COOP
IT

COOP BCP BRP

IT Continuity of
Support Plan/IT Contingency Plan

IT
IT
BCP

BCP
Crisis Communications Plan

BCP

Cyber Incident Response

Plan

IT

BCP

BCP
Disaster Recovery
Plan DRP

DRP
IT
DRP IT
DRP
DRP
BCP

Occupant Emergency
Plan OEP

OEP

GSA OEP GSA

OEP OEP BCP

BCP

BCP
BCP

BCP

BCP

BCP

BCP BCP

Work Plan

BCP

BCP

BCP

BCP
BCP

 IT

1
2
3
4

LAN
WAN

LAN
WAN

BIA

LAN
WAN

BIA

IT

IT

Recovery
Windows

BIA

Interviewees


Time-Critical
Maximum Tolerable
Downtime MTD
MTDs
BIA



Human resources

Processing capability

Computer-based services

Automated applications and data

Physical infrastructure

Documents and papers

BIA

UPS /

Emergency response

Recovery

Resumption


Business Recovery

Facility and Supply Recovery

User Recovery

Technical Recovery

Data Recovery


hot site

warm site cold site

BCP

Recovery Time Objectives RTO

Recovery Point Objectives RPO

IT

Continuity
Of
Operations

Plan COOP

IT

IT

IT


Redundant Arrays of
Inexpensive Disks RAID
Mirroring

Parity

Striping

RAID
Hot-Swappable

RAID

Failure Resistant disk

Systems FRDSs

Failure Tolerant disk

Systems FTDSs

Disaster Tolerant disk

Systems FTDSs

Electronic vaulting

Remote Journal

Mirroring

RTO
RPO

Shadowing

RTO
RPO

Load Balance

Hot Site
Cold Site
Warm Site
Mobile Site
Redundant site
Reciprocal/mutual
agreement
Multiple Processing
Centers
Service Bureaus

24

IT

IT

IT

IT

IT

SUPPORTING
INFORMATION

NOTIFICATION/ACTIVATION PHASE
RECOVERY PHASE
RECONSTITUTION
PHASE

Purpose

Applicability

Scope
References/Requirements

Record of Changes

System Description

Line of Succession

CIO
Responsibilities

Call
Tree

Damage Assessment

IT

IT
Activation

CIO

Sequence of Recovery
Activities

Recovery Procedures

POC Point Of
Contact

SLA

BIA
BIA

BCP

Web

LAN/WAN

BCP ( )

BCP ( )

BCP

Checklist

Structured Walk-Through

Stimulation

Parallel

Full Interruption

BCP ( )
Other Types of Training

Emergency Response

BCP

change management

BCP


To get managements suppor
t and approval of the plan, a
business case must be made
. Which of the following is lea
st important to this business
case?
Regulatory and legal requirem
ents
Company vulnerabilities to disa
sters and disruptions
How other companies are deali
ng with these issues
The impact the company can e
ndure if a disaster hit


What should be done first
when the original facility b
ecomes operational again
following a disaster?
Inform the media and stock
holders
Inform all of the employees
Move the most critical functi
ons to the original facility
Move the least critical functi
ons to the original facility


Software escrow invol
ves ______ parties

Two
Three
Four
Five

____
__


Recovery strategies a
re pre-established an
d management _____
__ steps that should b
e put into action in the
event of a disaster

Approved
Directed
Requested
Documented

_______


Critical support areas are defi
ned as
Business units or functions that
must be present to sustain conti
nuity of business, maintain life s
afety, and avoid public embarra
ssment
Business units or functions that
may be replaced by others in a
disaster situation
Human resource and informatio
n technologies
Business units or functions that
require support against manma
de disasters