How to Exercise a Business Continuity Plan (BCP)

Similar documents
Guidance Note XGN XXX.1

BUSINESS CONTINUITY TABLETOP EXERCISE (TTEX) GUIDE

Business Continuity Management Policy and Framework

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Information Security Policy. Chapter 11. Business Continuity

1.0 Policy Statement / Intentions (FOIA - Open)

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Business Continuity Management Policy

Coping with a major business disruption. Some practical advice

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Management Policy

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Business Continuity Management

Business Continuity Management Framework

Business Continuity Management

" # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12

An Introduction to. Business Continuity Planning

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

BUSINESS CONTINUITY STRATEGY

Business Continuity Planning advice for Businesses with employees

abcdefghijklmnopqrstu

VISION FOR LEARNING AND DEVELOPMENT

Business Continuity Plan Toolkit

Business Continuity Planning and Disaster Recovery Planning

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

Business Continuity Management and BS by Steve Chan, Head of Training - HK, BSI Management Systems

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Guideline - Business Continuity Plan

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

Risk Management Guidelines

BUSINESS CONTINUITY MANAGEMENT POLICY

BCP and DR. P K Patel AGM, MoF

A GUIDE TO BUSINESS CONTINUITY PLANNING

RISK MANAGEMENT STRATEGY

It s the Business! Business continuity considerations for all organisations

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

How To Manage A Disruption Event

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

London Local Authorities Business Continuity Guidance for Suppliers & Contractors

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

Business Continuity and Crisis Management. Interactive workshop on the application of best practice (and more)

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Business Continuity Management Program Development Guide

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

University of Nottingham Emergency Procedures and Recovery Policy

Business Continuity Policy

BUSINESS CONTINUITY & STRATEGY POLICY

Business Continuity Policy

Business continuity plan

Business Continuity (Policy & Procedure)

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

GUIDE TO DEVELOPING AND CONDUCTING BUSINESS CONTINUITY EXERCISES

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity Policy

Company Management System. Business Continuity in SIA

BUSINESS CONTINUITY STRATEGY

ESKISP Conduct security testing, under supervision

39 GB Guidance for the Development of Business Continuity Plans

Merrycon s Approach to Business Continuity Management

An approach to planning for a pandemic

Business Continuity Policy

Overview TECHIS Manage information security business resilience activities

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Committees Date: Subject: Public Report of: For Information Summary

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

RISK MANAGEMENT AND BUSINESS CONTINUITY ANNUAL REPORT

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Business Continuity Management AIRM Presentation

Business Continuity Management Policy

External Supplier Control Requirements BCM

Title: Rio Tinto management system

To be used in conjunction with the Invitation to Tender for Consultancy template.

Transcription:

How to Exercise a Business Continuity Plan (BCP) This document provides a step by step guide to exercising a Business Continuity Plan (BCP). The exercise of a BCP should not be undertaken in isolation, but should be in the context of a structured Business Continuity Management (BCM) programme, as described in the Business Continuity Institute s Good Practice Guidelines (GPG). The GPG recommends that an Exercise Programme be developed to ensure that over a period of time: All information in plans is verified All plans are rehearsed All relevant personnel (including deputies) are exercised There are three basic types of BCP exercise: Simulations Using the BCP to undertake a response to a theoretical incident Tests Confirming that the recovery of an activity, piece of equipment or technology, a complete area of the organisation, or a set of inter-connected equipment or technologies, works Rehearsals Practicing the recovery of an activity, piece of equipment or technology, a complete area of the organisation, or a set of inter-connected equipment or technologies, following a script An individual exercise can be made up of any combination of these three basic types. ww.merrycon.com info@merrycon.com +44 1539730908 2013 Merrycon Ltd

Page 2 of 5 Step by Step Guide to Exercising a BCP 1. MAKE SOMEONE RESPONSIBLE...3 2. DECIDE ON THE BCP TO BE EXERCISED...3 3. DECIDE ON THE OBJECTIVES...3 4. DECIDE ON THE TYPE OF EXERCISE...3 5. DECIDE ON PARTICIPANTS...3 6. ESTIMATE THE COSTS, RISKS, DISRUPTION...3 7. OBTAIN APPROVAL...3 8. PLAN THE EXERCISE...3 9. AGREE THE EXERCISE PLAN...4 10. CONFIRM THE EXERCISE PLAN...4 11. PREPARE FOR THE EXERCISE...4 12. UNDERTAKE A RISK ASSESSMENT...4 13. OBTAIN CONFIRMATION TO PROCEED...5 14. PREPARE AND ISSUE A BRIEFING DOCUMENT...5 15. RUN THE EXERCISE...5 16. CONDUCT A HOT DE-BRIEF...5 17. PREPARE A DRAFT REPORT...5 18. CIRCULATE THE DRAFT REPORT FOR COMMENT...5 19. UPDATE, FINALISE, AND CIRCULATE THE REPORT...5

Page 3 of 5 1. MAKE SOMEONE RESPONSIBLE The starting point is to make someone responsible for exercising the BCP. This individual needs to be: Given the time and access to the information and people required to enable the BCP to be exercised Trained in how to exercise a BCP, or provided with assistance by someone who is trained in how to exercise a BCP 2. DECIDE ON THE BCP TO BE EXERCISED Decide on the BCP that is going to be exercised. 3. DECIDE ON THE OBJECTIVES Decide on the objectives of the exercise. In other words, decide on what the exercise will achieve (there is a world of difference between trying to familiarise a group of people with a plan and attempting a test recovery of a complex computer system at a third party recovery site). 4. DECIDE ON THE TYPE OF EXERCISE Decide on the type of exercise to be used, which should be the one most suited to achieving the objectives. The basic types are: Simulation Test Rehearsal The types can be combined in order to achieve the objectives (e.g. a Simulation that includes a Test and a Rehearsal). 5. DECIDE ON PARTICIPANTS Decide on who will be required to participate in the exercise. 6. ESTIMATE THE COSTS, RISKS, DISRUPTION Estimate the: Costs of the exercise, both in terms of internal resources to be used and external expenditure Risks to the organisation in undertaking the exercise Disruption to normal operations that might be caused by the exercise 7. OBTAIN APPROVAL Obtain approval to run the exercise, including obtaining a budget and a commitment to allocate the people, their time, and other resources. 8. PLAN THE EXERCISE Develop a plan for the exercise, to include the:

Page 4 of 5 Objectives Type of exercise Participants Date Location Resources required Work needed to be undertaken before the exercise 9. AGREE THE EXERCISE PLAN Obtain agreement to the plan for the exercise. In particular, ensure that the participants are available on the date and can attend the location. 10. CONFIRM THE EXERCISE PLAN Confirm the plan for the exercise. Unless the exercise is to be unannounced, obtain confirmation from the participants that they are available on the date and can attend the location. 11. PREPARE FOR THE EXERCISE Undertake the work that is required to be done prior to the exercise. This may include, amongst other things: Identifying a scenario Developing a script Booking rooms Hiring equipment Arranging catering and accommodation Preparing materials Producing documentation Commisioning third parties Inviting observers Arranging for appropriate technical support Training staff Rehearsing the exercise 12. UNDERTAKE A RISK ASSESSMENT Undertake a risk assessment for the exercise by: Identifying what can go wrong (the threats) Deciding on a risk assessment method Estimating the likelihood and impact of each threat Calculating the risk of each threat using the risk assessment method Identifying things that can be done to reduce or eliminate the risks (mitigation measures) Documenting the residual risks

Page 5 of 5 13. OBTAIN CONFIRMATION TO PROCEED Present the output of the risk assessment to whoever originally approved the exercise, and obtain confirmation that it is OK to proceed with the exercise. 14. PREPARE AND ISSUE A BRIEFING DOCUMENT Unless the exercise is to be unannounced, prepare and issue a briefing document to the participants. 15. RUN THE EXERCISE Run the exercise. 16. CONDUCT A HOT DE-BRIEF Run a short de-briefing session for the participants and observers immediately after running the exercise. This should cover: Their immediate reactions to the exercise What went right What went wrong What could be improved Suggestions for improving the BCP 17. PREPARE A DRAFT REPORT Prepare a draft report on the exercise. This should include: The outcome of the exercise Whether or not the objectives were achieved, and if not, why Details of any suggested changes to the BCP Any actions that need to be taken to improve resilience Any suggested improvements to the implementation of BCM Recommendations for future exercises 18. CIRCULATE THE DRAFT REPORT FOR COMMENT Circulate the draft report to all those with a stake in the BCP and the exercise, and ask for comments. As part of this, determine who should be on the distribution list for the final report. 19. UPDATE, FINALISE, AND CIRCULATE THE REPORT Update the draft report taking into account the comments to produce a final version, and circulate it to the agreed distribution list.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information