Table of Contents


Chapter 1 Introduction
  1.1 Executive Summary
  1.2 Goals and Objectives
  1.3 Senior Management and Board of Directors Responsibilities
  1.4 Business Continuity Planning Processes
    1.4.1 Risk Assessment Process
    1.4.2 Business Impact Analysis Process
    1.4.3 Recovery Strategy Development Process
    1.4.4 Business Continuity Plan Development
    1.4.5 Testing Process
Chapter 2 Business Continuity Plan Overview
  2.1 Scope
  2.2 Business Continuity Planning and Technology Recovery Definitions
  2.3 Business Continuity Plan Objective
Chapter 3 Business Description
  3.1 Office Locations
    3.1.1 Corporate headquarters
    3.1.2 Branch locations
    3.1.3 Alternate (emergency) location(s)
  3.2 Data Center Locations
    3.2.1 Main Data Center
    3.2.2 Secondary Data Center(s)
    3.2.3 Data Backup/Recovery and Application Failover Sites
Chapter 4 Event Types
    4.1.1 Business Interruptions
    4.1.2 Technology Disasters
Chapter 5 Plan Logistics
  5.1 Approvals, Maintenance, Revisions and Execution Authority
  5.2 Plan Location, Distribution and Access
Chapter 6 Risk Assessment
  6.1 Risk Scenarios
  6.2 Gap Analysis
Chapter 7 Business Impact Analysis (BIA)
  7.1 Determine Levels of Importance by Business Function
  7.2 Estimate Downtime Tolerances by Business Function
    7.2.1 Recovery Time Objectives
    7.2.1 Recovery Point Objectives
  7.3 Identify Resource Requirements
  7.4 Establish the Critical Path for Recovery
Chapter 8 Business Continuity Organization
  8.1 Organizational Responsibilities
  8.2 Employee Responsibilities
  8.3 Duties
Chapter 9 Event Phases Objectives
  9.1 Response Phase Objectives
  9.2 Business Resumption Phase Objectives
  9.3 Relocation Phase Objectives (only if relocation is necessary)
  9.4 Return to Business as Usual Phase Objectives (only if relocation was necessary)
Chapter 10 Test Plans and Execution
  10.1 Test Plan Complexity
  10.2 Phase 1: Table Top Testing
  10.3 Phase 2: Technology Failover
  10.4 Phase 3: Technology Failover and Off-site Business Operations
  10.5 Continuing Refinements
Chapter 11 General Event Preparedness
  11.1 Emergency Management / Crisis Response Team Call Tree
  11.2 Critical Path to Recovery
  11.3 List of Employees and Contact Information
  11.4 List of Vendors and Service Providers and Contact Information
  11.5 List of Customers and Contact Information
  11.6 List of Equipment Suppliers and Data Storage Locations
  11.7 List of Communications Carriers, ISPs, Internet Hosting
  11.8 Event Checklist
  11.9 Technology and Infrastructure Recovery Checklist

Chapter 1 Introduction

1.1 Executive Summary

In today's environment, business leaders are increasingly aware of potential threats to their businesses that may appear in many forms: terrorism, catastrophic natural disasters, pandemics and cyber-attacks. Regulators likewise have taken a more careful view of the financial services industry's overall ability to respond to and recover from disruptive events that could impact the entire financial system and undermine the public's trust.

[Sample Client] recognizes the value of having in place a plan to protect its assets, to minimize its financial losses, to maintain its business operations and to recover its technology in the case of unplanned disruptive events. It is essential to [Sample Client] to maintain continuity of its operations in support of its customers, business associates, stakeholders, regulatory obligations, and [Sample Client]'s own financial status and reputation.

This policy is intended to serve as the framework for developing [Sample Client]'s unique Business Continuity Plan. It is the policy of [Sample Client] to develop and maintain a Business Continuity Plan that considers strategies and procedures to recover, resume and maintain its critical business functions, processes and responsibilities. This Business Continuity Planning Policy is intended to provide the framework for developing and maintaining a Business Continuity Plan that is specific to the business needs, strategic goals and risk appetite of [Sample Client], and is relative to its size and complexity.

Senior Management and the Board of Directors (henceforth "Management") are committed to establishing and maintaining emergency procedures, backup facilities, and a comprehensive plan that allows for the timely recovery and resumption of operations and the fulfillment of the responsibilities and obligations of [Sample Client]. Management fully supports and participates in the development, monitoring, testing, and regular maintenance of a Business Continuity Plan (the Plan).

The Plan will initially be developed in-house; however, [Sample Client] may determine that an outsourced vendor provides the best solution and implementation for the company.

Chapter 2 Business Continuity Plan Overview

The Business Continuity Plan is a statement of prepared actions to be taken and decisions to be made before, during, and after a significant business disruption event or a threat thereof.

A business disruption event is: An unwanted event that threatens personnel, buildings, technology, services, operational procedures, the ability to conduct business, and/or the reputation of [Sample Client], and which requires specific measures to return to business as usual.

An event may be caused by such things as: a loss of utility service, communications or connectivity; a significant breach in security; or a catastrophic event that causes a disruption in [Sample Client]'s ability to function and provide service to its clients. Events may be of short duration (a few hours to a day or two) or long duration, where recovery involves long-term or permanent relocation of facilities, infrastructure and personnel.

Business disruption events include:

- Fires
- Severe weather (tornados, hurricanes, blizzards)
- Natural disasters (floods, volcanos, earthquakes)
- Environmental disaster (toxic spills, explosions, plane crashes)
- Criminal activity (burglary, terrorism, vandalism, random shootings)
- Pandemics or localized epidemics

2.1 Scope

The Plan is intended to help manage risks that threaten the survival of [Sample Client]. It provides a framework to ensure adequate resilience so that [Sample Client] can continue to operate and serve our customers and comply with regulatory requirements if we encounter an event that impacts our ability to conduct business as usual.

11.1 Emergency Management / Crisis Response Team Call Tree

These individuals are those who make crisis-level decisions, who determine the appropriate response to an incident and who declare an emergency and invoke the Plan.

Example Call Tree table

Columns: Name/Position; Calls these names; Home phone; Mobile phone; Home email; Contact made?
Entries under Name/Position: [Name 1], [Alt. Name], [Name 2], [Alt. Name]
Entries under Calls these names: [Name A], [Name B], [Name C], [Name D], [Name E], [Name F], [Name G], [Name H], [Name I], [Name J]

Using the top-down organization chart as a guide, [Sample Client] will develop a Call Tree that directs and expedites the flow of communications during an event. Each level of the Call Tree should include a primary and alternate member to ensure adequate access and representation at each level. The Call Tree will identify which individuals call specific other people; this would follow organization reporting and cross-business team partners as sub-groups. Each level will be responsible for furthering the communication to the next subgroup to the extent required. The Call Tree will include a method for recording a success/failure result in reaching each member. The example table above will be expanded to multiple levels of calling responsibility.