Business Continuity Planning and Disaster Recovery


Katalin Szenes Dr., PhD, CISA, CISM, CGEIT, CISSP
University Óbuda - Óbudai Egyetem
Faculty JvN - Neumann János Informatikai Kar
Inst. Applied Informatics - Alkalmazott Informatikai Intézet

Disclaimer

The following represents my opinion on / interpretation of the subject. Neither ISACA nor ITGI is liable for the following or would be bound in any way by its contents.

Note: the English formulation does not always follow the original either.

My comments inserted in quotations are denoted by [ ].

Table of Contents

- purpose and main aspects
- definitions - BCP, disaster, DRP, IT BCP, IT DRP
- tasks of the IS auditor
- example on these tasks: CISA Q no 6-3
- on audit concerns: CISA Q no 6-10
- consequences concerning the acceptance of the risks
- other planning issues
- preliminaries to be settled
- preliminaries / insurance
- emergency management team
- CISA Q no 6-8 notification priorities
- CISA Q no 6-9 organizational unit IT & the BCP
- on the components of the Information Systems Business Continuity Plan
  - some [development] phases
  - [development] process
  - categories of incidents & incident management
  - BIA & risk management
  - system risk ranking
  - issues in BIA phase
  - questions in BIA phase
  - example on risk aspects CISA Q no answer: see ISO/IEC 27001, 2, too
  - BCP documents
  - Infrastructure types - hot, warm, etc.
  - provisions for 3rd party agreements
  - on the audit of 3rd party agreements
  - infrastructure / telecommunications, networks
  - infrastructure / storage
- BCP plan - testing considerations
- rulebook contents
- recovery aspects (RPO, RTO, etc.)
- The IS BCP of the Individual Systems
- COBIT 3, 4 support of IS audit and IT security
- the processes of Delivery & Support
- DS4 - Ensure Continuous Service
- DS4 control objectives
- on the COBIT 5 support
- ISACA CRM case study
- references

purpose and main aspects

purpose: to enable a business to continue offering critical services in the event of a disruption and to survive even a disastrous interruption of its activities

business continuity planning has to take into consideration:
- the market & strategy goals of the corporation
- the strategic business processes
- those key operations that are most necessary to the survival of the organization
- the human/material resources supporting them

Note: ?? business continuity plan must be based on the long-range IT plan ??

the business continuity plan includes:
- the disaster recovery plan, to recover a facility rendered inoperable, including relocating operations into a new location for the recovered "normal" use
- the restoration plan, which is used to return operations to normality, whether in a restored or new facility, only after mitigating the effect of the disruption by restarting the business applications involved

Business Continuity Planning - Definition

The purpose of business continuity planning is to enable a business to continue operations should any kind of disturbance arise. Rigorous planning and commitment of resources are necessary to adequately plan for such an event. Business continuity planning is primarily the responsibility of senior management, as they are entrusted with safeguarding both the assets and the viability of the company.

Business continuity planning is to take into consideration:
- those key operations that are most necessary to the survival, and later to the market success, of the organization
- the human / material resources supporting them.

The second part, the operations part of the business continuity plan, should address all functions and assets required to continue as a viable organization and to keep achieving market success. The extent of provision for reserve facilities depends on the cost-effectiveness considerations of top management.

Plan - Definition

Disasters are disruptions that cause critical information resources to be inoperative for a period of time (e.g. weather, terrorism, disruption in expected services, human error, etc.). (This disaster definition and the examples are from the CISA Review Course transparencies.)

The business continuity plan includes:
- the disaster recovery plan, which is generally the plan to be followed by the business units to recover a harmed / demolished facility or business functionality, or an operational facility, and
- the operations plan, which is to be followed by the business units to "get by" while recovery is taking place.

Information Systems Business Continuity Planning / Information Systems Plan - Definition

Everything is the same as in the case of the Business Continuity Planning / Plan, with the exception that it is the continuity of information systems processing that is threatened. Information systems processing is one operation of many that keep the organization not only alive but also successful; thus it is of strategic importance. The event to be controlled is therefore such a disruption, and the objective of the control measure is to survive an interruption of the information systems processing.

Information Systems Business Continuity Planning / Information Systems Plan - Definition

Throughout the business continuity planning process, the overall plan of the organization should be taken into consideration. All IS plans must be consistent with and support the corporate business continuity plan. This means that especially those information processing systems that support key operations must have the more elaborate, ready-to-start reserve processing facilities.

the tasks of the auditor

The tasks of the auditor include:
- Evaluate the adequacy of backup and restore provisions to ensure the availability of information required to resume processing
- Evaluate the organization's disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster
- Evaluate the organization's business continuity plan to ensure the organization's ability to continue essential business operations during the period of an IT disruption

the tasks of the auditor - cont'd

- Check if the BCP follows corporate strategy
- Evaluate plans for accuracy, adequacy, effectiveness, etc.
- Evaluate offsite storage
- Evaluate ability of IS and user personnel to respond effectively
- Ensure plan maintenance is in place
- Evaluate readability of business continuity manuals and procedures
- Check the documents from the viewpoint of:
  - Currency
  - Effectiveness
  - Validity: interview personnel for appropriateness and completeness
- Evaluate the BCP quality, e.g.:
  - Determine whether corrective actions are in the plan
  - Evaluate thoroughness and accuracy
  - Determine problem trends and resolution of problems

the tasks of the auditor - cont'd

- Evaluate media & documentation handling: what is available, synchronization and currency of media and documentation
- Perform a detailed inventory review
- Review all documentation: is it current, is it detailed enough?
  - change management
  - configuration management
  - release management
- Evaluate offsite storage facility - if any, and what is there?
  - evaluate the physical and environmental access controls
  - examine the equipment for current inspection and calibration tags
  - etc.
- Key personnel must have an understanding of their responsibilities

the tasks of the auditor - questions for checking:

- Who is responsible for administration or coordination of the plan?
- Is the plan administrator/coordinator responsible for keeping the plan up-to-date?
- Is there a disaster recovery implementation team (i.e., the first response team members who will react to the emergency with immediate action steps)?
- Where is the disaster recovery plan stored?
- What critical systems are covered by the plan?
- What systems are not covered by the plan? Why not?
- What equipment is not covered by the plan? Why not?
- Does the plan operate under any assumptions? What are they?
- Does the plan identify rendezvous points for the disaster management committee or emergency management team to meet and decide if business continuity should be initiated?
- Are the documented procedures adequate for successful recovery?
- Does the plan address disasters of varying degrees?
- Are telecommunications backups (both data and voice line backups) addressed in the plan? And how? - see later: infrastructure / telecommunications

the tasks of the auditor - questions for checking - cont'd

- Is there a backup facility site? If not, then what are the plans for the case of disruption? And / or: what kind of precautions are made? (see later: different types of infrastructures)
- Does the plan address relocation to a new information processing facility in the event that the original center cannot be restored?
- Does the plan include procedures for merging master file data, automated tape management system data, etc., into pre-disaster files?

the tasks of the auditor - CISA Q no 6-3 Business Continuity and )

An IS auditor should be involved in:
A. observing tests of the disaster recovery plan.
B. developing the disaster recovery plan.
C. maintaining the disaster recovery plan.
D. reviewing the disaster recovery requirements of supplier contracts.

the tasks of the auditor - CISA Q no 6-3 / Business Continuity and )

Answer: A

The IS auditor should always be present when disaster recovery plans are tested to ensure that the test meets the required targets for restoration, ensure that recovery procedures are effective and efficient, and report on the results, as appropriate. IS auditors may be involved in overseeing plan development, but they are unlikely to be involved in the actual development process. Similarly, an audit of plan maintenance may be conducted, but the IS auditor normally would not have any responsibility for the actual maintenance. An IS auditor may be asked to comment upon various elements of a supplier contract, but, again, this is not always the case.

on audit concerns - CISA Q no 6-10 / Business Continuity and ) version 1 - the transparencies

In an audit of a business continuity plan, which of the following findings is of MOST concern?
A. There is no insurance for the addition of assets during the year.
B. The business continuity plan manual is not updated on a regular basis.
C. Testing of the backup data has not been done regularly.
D. Records for maintenance of the access system have not been maintained.

on audit concerns - CISA Q no 6-10 / Business Continuity and ) version 1 - the transparencies

The correct answer is C

The most vital assets for a company are data. In a business continuity plan, it is critical to ensure that data are available. Therefore, regular testing of the backup of data must be done. If testing is not done, the organization may not be able to retrieve data when required during a disaster; hence, the company may lose its most valuable asset and may not be able to recover from the disaster. A loss on account of lack of insurance is limited to the value of assets. If the business continuity plan manual is not updated, the company may find the manual not fully relevant for recovery during a disaster. However, recovery could be still possible. Non-maintenance of records in an access system will not directly impact the relevance of the business continuity plan.

on audit concerns - CISA Q no 6-10 / Business Continuity and ) version 2

In an audit of a business continuity plan, which of the following findings is of MOST concern?
A. There is no insurance for the addition of assets during the year.
B. The business continuity plan is not updated on a regular basis.
C. Testing of the backup data has not been done regularly.
D. Records for maintenance of the access system have not been maintained.

The correct answer is?

Consequences Concerning the Acceptance of the Risks

ISACA: The alternatives for the elimination of the risks are determined by the resources that the management wants to spend on "safety". The management classifies according to business importance:
- the assets
- processes
- data
- and the data processing systems; their importance is equal to the importance of the element they support.

but my risk definition:

on the notion of risk

risk strategic value of the asset * probability of the threatening

goal-related asset risk is such a value, which is assigned to a pair of corporate asset and operational objective

risk (asset, goal) ~ distance (asset, goal) probability (asset, goal, attack) vulnerability (asset, goal, effort) transparency

other BCP planning issues

- the entire organization needs to be considered for BCP
- the personnel has to:
  - classify critical systems, resources
  - determine acceptable recovery times
  - react
- the personnel who must react to the interruption/disaster scenarios are those who are responsible for the most critical resources
- management and user involvement is vital to the success of the business continuity plan

User management involvement is essential to the identification of critical systems, their associated critical recovery times and the specification of needed resources. The three major divisions that require involvement in the formulation of the business continuity plan are support services, business operations and information processing support.

As the underlying purpose of business continuity planning is the resumption of business operations, every organizational unit should contribute aspects and/or help in the development of the BCP, IT BCP, etc., already in the planning phase.

other BCP planning issues - cont'd

the BCP, IT BCP, etc., are to be based on:
- the risk assessment results, and the BIA
- the business goals & strategy
- all issues involved in interruption to business processes, including recovering from a disaster

Important: The plan should be documented and written in simple language understandable to all. Copies of the plan should be maintained offsite.

for the BCP, IT BCP, etc., the following other information is to be collected:
- Pre-disaster readiness
- possible Evacuation procedures
- Circumstances under which a disaster should be declared
- Identification of contract information
- Recovery option explanations
- Identification of resources for recovery and continued operation of the organization

preliminaries to be settled

for the BCP, IT BCP, etc., the following should be agreed upon:
- The policies that will govern all of the continuity and recovery efforts
- The goals/requirements/products for each phase
- Alternate facilities to perform tasks and operations
- Critical information resources to deploy (e.g., data and systems)
- Persons responsible for completion
- Available resources to aid in deployment (including human)
- The scheduling of activities with priorities established
- Key decision-making personnel
- Backup of required supplies
- Telecommunication networks disaster recovery methods
- Redundant array of inexpensive disks (RAID)
- Insurance

preliminaries / insurance

Most insurance covers only financial losses, based upon the historical level of performance and not the existing level of performance. Also, insurance does not compensate for loss of image/goodwill.

The Business Continuity Plan should contain:
- key information about the organization's insurance
- it should take the corporate physical, logical, market, etc. environment into consideration
- etc.

IT BCP: The information systems processing insurance policy is usually a multi-peril policy designed to provide various types of IS coverage. It should be constructed in modules, so that it can be adapted to the insured's particular IT architecture, requirements, etc.

preliminaries / insurance - cont'd

(BCP / IT BCP) insurance is to cover, among others:
- actual costs of recovery
- replacement / reconstruction of every kind of equipment and facilities
- IT losses, e.g. IS media & software & ... reconstruction
- Extra expense
- Business interruption
- Valuable papers and records
- Errors and omissions
- Fidelity coverage
- Media transportation
- etc., other kinds of costs of business continuity

emergency management team

The emergency management team coordinates the activities of all other recovery teams. This team oversees:
- Retrieving critical and vital data from offsite storage
- Installing and testing systems software and applications at the systems recovery
- Identifying, purchasing, and installing hardware at the system recovery site
- Operating from the system recovery site
- Rerouting network communications traffic

emergency management team - cont'd

- Reestablishing the user/system network
- Transporting users to the recovery facility
- Reconstructing databases
- Supplying necessary office goods, i.e., special forms, check stock, paper
- Arranging and paying for employee relocation expenses at the recovery facility
- Coordinating systems use and employee work schedules
- etc.!

CISA Q NO 6-8 notification priorities (source, among others: CISA Review Course transparencies, ISACA / Business Continuity and )

In a business continuity plan, which of the following notification directories is the MOST important?
A. Equipment and supply vendors
B. Insurance company agents
C. Contract personnel services
D. A prioritized contact list

CISA Q NO 6-8 notification priorities (source, among others: CISA Review Course transparencies, ISACA / Business Continuity and )

The correct answer is D

A prioritized list of contacts is most important since it will direct the process of communication and contact to various entities in order of priority. Choices A, B and C are musts, but not as important as choice D.

CISA Q NO 6-9 organizational unit IT & the BCP (source, among others: CISA Review Course transparencies, ISACA / Business Continuity and )

Which of the following components of a business continuity plan is PRIMARILY the responsibility of an organization's IS department?
A. Developing the business continuity plan
B. Selecting and approving the strategy for the business continuity plan
C. Declaring a disaster
D. Restoring the IS systems and data after a disaster

CISA Q NO 6-9 organizational unit IT & the BCP (source, among others: CISA Review Course transparencies, ISACA / Business Continuity and )

The correct answer is D

The correct choice is restoring the IT systems and data after a disaster. The IT department of an organization is primarily responsible for restoring the IT systems and data after a disaster at the earliest possible time. Members of the organization's senior management are primarily responsible for developing the business continuity plan for an organization. Management is also responsible for selecting and approving the strategy for developing and implementing a detailed business continuity plan. The organization should identify a person in management as responsible for declaring a disaster. Although IT is involved in the three other choices, it is not primarily responsible for them.

On the Components of the Information Systems Business Continuity Plan - considerations only!

[some] phases of development, based on business impact analysis:
- creation of a business continuity and disaster recovery policy
- classification of operations and criticality analysis
- forming responsible teams, nominating responsible employees and collecting their contact data
- development of a business continuity plan and disaster recovery procedures, and of a training and awareness program
- implementation of the plan
- regular testing and monitoring

On the Components of the Information Systems Business Continuity Plan - considerations only!

planning [or rather: development] process

categories of incidents & incident management

- Negligible incidents are those causing no perceptible or significant damage, such as very brief operating system (OS) crashes with full information recovery or momentary power outages with uninterruptible power supply (UPS) backup.
- Minor events are those that, while not negligible, produce no negative material (of relative importance) or financial impact.
- Major incidents cause a negative material impact on business processes and may affect other systems, departments or even outside clients.
- Crisis is a major incident that can have serious material (of relative importance) impact on the continued functioning of the business and may also adversely impact other systems or third parties. The severity of the impact depends on the industry and circumstances, but is generally directly proportional to the time elapsed from the inception of the incident to incident resolution.

categories of incidents & incident management / Business Continuity and )

On the Components of the Information Systems Business Continuity Plan - considerations only!

BIA and risk management

CISA CRM: Business Impact Analysis (BIA), risk management, business continuity plan development

risk assessment includes: system risk ranking

ranking:
- Critical
- Vital
- Sensitive
- Non-sensitive

ranking in details:

On the Components of the Information Systems Business Continuity Plan - considerations only!

BIA and risk management - system risk ranking:

- Critical: These functions cannot be performed unless they are replaced by identical capabilities. Critical applications cannot be replaced by manual methods. Tolerance to interruption is very low; therefore, cost of interruption is very high.
- Vital: These functions can be performed manually, but only for a brief period of time. There is a higher tolerance to interruption than with critical systems and, therefore, somewhat lower costs of interruption, provided that functions are restored within a certain time frame (usually five days or less).
- Sensitive: These functions can be performed manually, at a tolerable cost and for an extended period of time. While they can be performed manually, it usually is a difficult process and requires additional staff to perform.
- Non-sensitive: These functions may be interrupted for an extended period of time, at little or no cost to the company, and require little or no catching up when restored.

On the Components of the Information Systems Business Continuity Plan - considerations only!

BIA and risk management - issues in BIA phase

consequences on BCP, that is, on:
- alternatives - see infrastructure types
- recovery strategies & methods
- risk management cycle

BIA and risk management - questions in BIA phase

- Which are the different business processes?
- What are the critical information resources related to an organization's critical business processes?
- What is the critical recovery time period for information resources in which business processing must be resumed before significant or unacceptable losses are suffered?

On the Components of the Information Systems Business Continuity Plan

example on the risk aspect - CISA Q / Business Continuity and ) 6-1

During an audit of a large bank, the IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk to which the bank is exposed is that the:
A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization.
B. business continuity plan may not include all relevant applications and, therefore, may lack completeness in terms of its coverage.
C. business impact of a disaster may not have been accurately understood by the management.
D. business continuity plan may lack an effective ownership by the business owners of such applications.

Answer: A

The first and key step in developing a business continuity plan is a risk assessment exercise that analyzes the various risks that an organization faces and the impact of non-availability of individual applications.

ISO: [I refer to 27001,2 ]

On the Components of the Information Systems Business Continuity Plan

example on the risk aspect - CISA Q - ISO reference to 6-1 Answer (ISO 2005) / :

Chapter 14: BUSINESS CONTINUITY MANAGEMENT
14.1 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
- Including information security in the business continuity management process
- Business continuity and risk assessment
- Developing and implementing continuity plans including information security
- Business continuity planning framework
- Testing, maintaining and re-assessing business continuity plans

on the standard, see the references! to buy:

example on the risk aspect - CISA Q - ISO reference to 6-1 Answer / :

Annex A - Control Objectives and Control [Measure]s
A.14 Business continuity management
A.14.1 Information security aspects of business continuity management

Objective: To counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

see control measures A A !

on the standard, see the references! to buy:

On the Components of the Information Systems Business Continuity Plan

BCP documents:
- Continuity of operations plan
- Disaster recovery plan (DRP)
- Business resumption plan
- Continuity of support plan / IT contingency plan
- Crisis communications plan
- Incident response plan
- Transportation plan
- Occupant emergency plan

On the Components of the Information Systems Business Continuity Plan - considerations only!

Infrastructure Types:
- Mirroring
- Hot, Warm or Cold Site
- Alternative Hardware
- Backup of Required Supplies
- Telecommunication Networks
- Servers, Storage
- Offsite Libraries and Library Controls
- Security and Control of Offsite Facilities
- Media and Documentation Backup
- etc.

details:

infrastructure types

Mirroring [parallel processing - special HW or organized]

Hot Sites: They are fully configured and ready to operate within several hours. The equipment, network and systems software must be compatible with the primary installation being backed up. The only additional needs are staff, programs, data files and documentation.

another, new definition for hot site: The hot site is intended for emergency operations of a limited time period and not for long-term extended use. Long-term use would impair the protection of other subscribers.

consequences of the new definition: Therefore, the hot site should be viewed as a means of accomplishing the continuation of essential operations for a period of up to several weeks following a disaster or major emergency. Further plans are still necessary to provide for subsequent operations. Several vendors offer warm- or cold-site facilities for a subscriber to migrate to after recovery of operations has been completed. This will free up the hot site for use by other subscribers.

the cold site definition also has another version, with subscribers!

infrastructure types - cont'd

Warm Sites: They are partially configured, usually with network connections and selected peripheral equipment, such as disk drives, tape drives and controllers, but without the main computer. Sometimes a warm site is equipped with a less powerful central processing unit (CPU) than the one generally used. The assumption behind the warm site concept is that the computer can usually be obtained quickly for emergency installation (provided it is a widely used model) and, since the computer is the most expensive unit, such an arrangement is less costly than a hot site. After the installation of the needed components, the site can be ready for service within hours; however, the location and installation of the CPU and other missing units could take several days or weeks.

Cold Sites: These are sites that have only the basic environment (electrical wiring, air conditioning, flooring, etc.) to operate an IPF, reducing the cost. The cold site is ready to receive equipment but does not offer any components at the site in advance of the need. Activation of the site may take several weeks.

Duplicate (redundant) Information Processing Facility: These are dedicated, self-developed recovery sites that can back up critical applications. They can range in form from a standby hot site to a reciprocal agreement with another company installation.

infrastructure types / Business Continuity and )

Mobile Sites: This is a specially designed trailer that can be quickly transported to a business location or to an alternate site to provide a ready-conditioned information processing facility.

Reciprocal Agreement with other organizations: This is a less frequently used method between two or more organizations with similar equipment or applications. Under the typical agreement, participants promise to provide computer time to each other when an emergency arises.

infrastructure / provisions for 3rd party agreements / Business Continuity and )

- Configurations: Are the vendor's hardware and software configurations adequate to meet company needs, since these will vary over time?
- Disaster: Is the definition of disaster broad enough to meet anticipated needs?
- Speed of availability: How soon after a disaster will facilities be available?
- Subscribers per site: Does the agreement limit the number of subscribers per site?
- Subscribers per area: Does the agreement limit the number of subscribers in a building or area?
- Preference: Who gets preference if there are common or regional disasters? Is there backup for the backup facilities? Is use of the facility exclusive or does the customer have to share the available space if multiple customers simultaneously declare a disaster? Does the vendor have more than one facility available for subscriber use?


More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

IT Service Management

IT Service Management IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Stepping Through the Business Continuity Plan Audit

Stepping Through the Business Continuity Plan Audit Stepping Through the Business Continuity Plan Audit Doug Menendez Graybar Electric Company Presentation to MidAmerica Contingency Planning Forum February 16, 2012 Introduction Whether it is from internal

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Board of Supervisors June 6, 2002 Page 2

Board of Supervisors June 6, 2002 Page 2 Board of Supervisors June 6, 2002 Page 2 on recommendations contained in ISD s 1999 COMDISCO Report. ISD contracted with COMDISCO, an outside consultant, to conduct an assessment of ISD s data center s

More information

A SWOT ANALYSIS ON CISCO HIGH AVAILABILITY VIRTUALIZATION CLUSTERS DISASTER RECOVERY PLAN

A SWOT ANALYSIS ON CISCO HIGH AVAILABILITY VIRTUALIZATION CLUSTERS DISASTER RECOVERY PLAN A SWOT ANALYSIS ON CISCO HIGH AVAILABILITY VIRTUALIZATION CLUSTERS DISASTER RECOVERY PLAN Eman Al-Harbi 431920472@student.ksa.edu.sa Soha S. Zaghloul smekki@ksu.edu.sa Faculty of Computer and Information

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Everything You Need to Know About Network Failover

Everything You Need to Know About Network Failover Everything You Need to Know About Network Failover Worry-Proof Internet 2800 Campus Drive Suite 140 Plymouth, MN 55441 Phone (763) 694-9949 Toll Free (800) 669-6242 Overview Everything You Need to Know

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Security Architecture. Title Disaster Planning Procedures for Information Technology

Security Architecture. Title Disaster Planning Procedures for Information Technology Category Applicability Title Disaster Planning Procedures for Information Technology All Public Entities (See the Applicability section below.) Standard - A degree or level of requirement that all jurisdictions

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

Cisco Disaster Recovery: Best Practices White Paper

Cisco Disaster Recovery: Best Practices White Paper Table of Contents Disaster Recovery: Best Practices White Paper...1 Introduction...1 Performance Indicators for Disaster Recovery...1 High Level Process Flow for Disaster Recovery...2 Management Awareness...2

More information

Module 7. Business Continuity Management

Module 7. Business Continuity Management Module 7 Business Continuity Management MODULE 7: BUSINESS CONTINUITY MANAGEMENT Table of Contents Module 7: Business Continuity Management... 1 SECTION 1: OVERVIEW... 7 MODLULE 7: BUSINESS CONTINUITY

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical

More information

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure

A risky business. Why you can t afford to gamble on the resilience of business-critical infrastructure A risky business Why you can t afford to gamble on the resilience of business-critical infrastructure Banking on a computer system that never fails? Recent failures in the retail banking system show how

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

WHAT IS DISASTER RECOVERY

WHAT IS DISASTER RECOVERY WHAT IS DISASTER RECOVERY The definition of Disaster Recovery' tends to vary widely from company to company and is a difficult term to define because it changes and is so varied in each situation. And

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

SCHEDULE 25. Business Continuity

SCHEDULE 25. Business Continuity SCHEDULE 25 Business Continuity 1. Scope 1.1 This schedule covers TfL s requirements in respect of: any circumstance or event which renders, or which TfL considers likely to render, it necessary or desirable

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Midsize Enterprise Summit Business Continuity Questions

Midsize Enterprise Summit Business Continuity Questions Select Q&A, D. Scott, F. DeSalvo Research Note 6 February 2003 Midsize Enterprise Summit Business Continuity Questions Current events have created a new awareness of the importance of business continuity

More information

BME CLEARING s Business Continuity Policy

BME CLEARING s Business Continuity Policy BME CLEARING s Business Continuity Policy Contents 1. Introduction 1 2. General goals of the Continuity Policy 1 3. Scope of BME CLEARING s Business Continuity Policy 1 4. Recovery strategies 2 5. Distribution

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,

More information

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Suggested Reference : Senft, Sandra; Gallegos, Frederick., 2009.

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS CISM ITEM DEVELOPMENT GUIDE Content Page Purpose of the CISM Item Development Guide 2 CISM Exam Structure 2 Item Writing Campaigns 2 Why Participate as a CISM

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006 Department of Information Technology Data Center Disaster Recovery Audit Report Final Report September 2006 promoting efficient & effective local government Executive Summary Our audit found that a comprehensive

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

FINAL AUDIT REPORT. Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR

FINAL AUDIT REPORT. Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR FINAL AUDIT REPORT Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR BACKGROUND The field offices of the United Nations High Commissioner

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

Audit of IMS Disaster Recovery Plan

Audit of IMS Disaster Recovery Plan Audit of IMS Disaster Recovery Plan Internal Audit 378-1-615 April 29, 2009 TABLE OF CONTENTS EXECUTIVE SUMMARY...II 1.0 INTRODUCTION...5 2.0 AUDIT OBJECTIVES AND SCOPE...7 3.0 AUDIT APPROACH AND METHODOLOGY...7

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning Course: Information Security Management in e-governance Day 2 Session 5: Disaster Recovery Planning Agenda Introduction to Disaster Recovery Planning (DRP) Need for disaster recovery planning Approach

More information

IT Infrastructure is Key to Growth. Infrastructure nventory.

IT Infrastructure is Key to Growth. Infrastructure nventory. Introduction. The overall objective of an Information Technology (IT) Assessment is to evaluate whether an enterprise s current IT strategy is tightly coupled to the enterprise plans and challenges. Current

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Protecting Your Business

Protecting Your Business Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:

More information

Backup and Redundancy

Backup and Redundancy Backup and Redundancy White Paper NEC s UC for Business Backup and Redundancy allow businesses to operate with confidence, providing security for themselves and their customers. When a server goes down

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Overview of how to test a. Business Continuity Plan
