1 / 14

Business Continuity A matter of survival Session 5 Develop, test and maintain the Plan

Learn how to develop, test, and maintain a comprehensive business continuity plan to ensure survival in the face of disasters. Explore the necessary sections, supporting requirements, training, testing strategies, and ongoing maintenance.

rswenson
Télécharger la présentation

Business Continuity A matter of survival Session 5 Develop, test and maintain the Plan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Business ContinuityA matter of survivalSession 5Develop, test and maintainthe Plan

  2. Stage 3 Develop plan Training On- going Review & update Testing System changes Developing and testing the Plan

  3. Developing the Plan • Object - the completed plan must contain everything that is necessary to recover the business following a disaster. • What constitutes a disaster? Depends on - • economic strength • private or public sector • nature of impact (e.g financial loss, loss of life, loss of control)

  4. Sections of the Plan • Administration - • authority to invoke the plan • guidance on when to invoke the plan • Emergency Control Centre • emergency response teams - roles, personnel • IT infrastructure - lists of suppliers and contractors, system configuration details • Support contracts - disaster recovery, equipment replacement

  5. Sections of the Plan • Remote media store - location, items held, arrangements for gaining access • Computer operations - instructions for service restoration, service relaxation(s) • Personnel - personnel to be re-located at standby site, welfare arrangements, sources of additional personnel • Home site - security and salvage • Standby site - contacts, transport, facilities • Return to normal - roles & responsibilities

  6. Supporting requirements • Evacuation procedures • Emergency Control Centre • Re-locating personnel • Re-establishing support services • Vital records - security of essential paper documents • Salvage

  7. Training • Limited value if staff are unaware of - • need for a plan? • emergency arrangements - scenarios • what would happen if plan activated • roles & responsibilities • who to contact/where • re-location sites, accommodation, transport • Specialist training for response teams

  8. Testing the Plan • What use is a plan that doesn’t work when needed? • Testing is essential to prove that the plan works

  9. Testing • Factors to consider - • cost • business disruption • what changes have taken place? (new systems, changes, locations) • any changes to the threat environment? (severe weather forecast, industrial action expected, terrorist activity increasing)

  10. Testing strategy - full testing • Most effective way to uncover flaws • Impose near as possible disaster conditions • Set performance targets • Record - • times to achieve targets • problems • Post mortem • Update

  11. Testing strategy - restricted testing • Cheaper, less disruptive • Provides limited assurance • Periodically - • test standby utilities - weekly? • carry out “dry runs” - monthly? • recover from backup - quarterly? • practice evacuations - 6 monthly? • arrange visits to standby site - annual?

  12. Maintaining the Plan • Accountability - need for an “Owner” • Annual budget to maintain the plan • Managing changing - • business priorities • IS/IT • locations • On-going need for - • training/awareness • testing

  13. Summary • “Business continuity” requires a comprehensive plan • Training - specialists & others • Live testing - costly but necessary • Restricted testing - cheaper, but provides only limited assurance • Accountability - need for an “Owner” • On-going maintenance

  14. Audit considerations • Are business systems adequately backed up? • Are backup copies held in a secure and remote media store? (go and see for yourself!) • Is there evidence that the backing up strategy works in practice? • Is there an appropriate disaster recovery plan? • Is it based on thorough risk assessment? • How do personnel know their role in the plan? • How is the Plan maintained? • Is the Plan demonstrably workable?

More Related