Continuity Plan Testing Flowchart



Similar documents
Building an effective Tabletop Exercise. Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

How To Prepare For A Disaster

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

Disaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support

Business Continuity and Disaster Recovery Planning

Fundamentals of Business Continuity Planning Have a Plan!

Certified Disaster Recovery Engineer

BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION

What is an Exercise? Agenda. Types of Exercises. Tabletop Exercises for Executives. Defining the Tabletop Exercise. Types of Tabletop Exercises

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

CERTIFIED DISASTER RECOVERY ENGINEER

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

PHILADELPHIA GAS WORKS Business Continuity Plan and Consulting RFP # Questions & Answers ed April 21, 2014

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

BUSINESS CONTINUITY TABLETOP EXERCISE (TTEX) GUIDE

Business Continuity & Disaster Recovery

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

BUSINESS CONTINUITY PLAN

Overview of how to test a. Business Continuity Plan

Domain 3 Business Continuity and Disaster Recovery Planning

Planning for Disaster. Ramesh Ramani CISM CGEIT 02 June 2010

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

Disaster Recovery and Business Continuity Plan

Business Continuity Training and Testing: Narrowing the Gaps

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Business Continuity Plan

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Overview Of Emergency Management Exercises

Business Continuity and Disaster Recovery Planning

Disaster Recovery Policy

TABLETOP EXERCISE FACILITATOR S GUIDE:

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

Planning for Disaster Disaster

Business Continuity Planning and Disaster Recovery Planning

State of South Carolina Policy Guidance and Training

Week 09 Assignment 9-3. William Slater. CYBR 625 Business Continuity Planning and Recovery. Bellevue University

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Business Continuity Management

ShakeOut Exercise Manual For Hospitals

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

INFORMATION SECURITY FOR YOUR AGENCY

Creating a Business Continuity Plan for your Health Center

Unit Guide to Business Continuity/Resumption Planning

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

CONTINUITY OF OPERATION PLAN (COOP) FOR NONPROFIT HUMAN SERVICES PROVIDERS

The Joint Commission Approach to Evaluation of Emergency Management New Standards

DISASTER RECOVERY/ BUSINESS CONTINUITY AUDITING: A CASE STUDY

It also provides guidance for rapid alerting and warning to key officials and the general public of a potential or occurring emergency or disaster.

Disaster Recovery. July Specialists in IT Outsourcing and Consultancy

Overview. Emergency Response. Crisis Management

Situation Manual Orange County Florida

Technology Infrastructure Services

Why COOP? 6 Goals of COOP. 6 Goals of COOP. General Guidelines for COOP Capability. COOP Program Model 7 Phases. Phase 1: Initiate COOP program

Child Care Emergency Preparedness Training. Participant Manual

11 Common Disaster Planning Mistakes

Business Continuity Planning Guide

Tampa Bay Catastrophic Plan ANNEX L: HURRICANE PHOENIX EXERCISE

Proposal for Business Continuity Plan and Management Review 6 August 2008

Evaluating and Improving Your Business Continuity Plan

MARQUIS DISASTER RECOVERY PLAN (DRP)

1) Introduction. Why do Organizations Conduct Exercises? Exercises are used by organizations to:

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity Planning (BCP) / Disaster Recovery (DR)

ITMF Disaster Recovery and Business Continuity Committee Report for the UGA IT Master Plan

Information Security Management System. Business Continuity and Disaster Recovery Plan Policy. The Smart Cube. Description Change

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Business Impact Analysis (BIA) and Risk Mitigation

Disaster Preparedness & Response

Business Continuity Template

NIST SP , Revision 1 Contingency Planning Guide for Federal Information Systems

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Saving SharePoint. Presented By: Sean McDonough Product Manager, SharePoint Products Idera

Business Continuity Planning from the municipal perspective

White Paper: Librestream Security Overview

Clinic Business Continuity Plan Guidelines

Can your Organization survive a natural disaster?

Clinic Business Continuity Plan Guidelines

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Todd & Cue Ltd Your Business Continuity Partner

Protecting your Enterprise

CONTINUITY OF OPERATIONS PLANNING

The Disaster Recovery Maturity Framework

Expecting the Unexpected. Disaster Preparedness Strategies for Small Business

The 7 Disaster Planning Essentials

Transcription:

Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services Continuity Plan Testing Flowchart 1

Ongoing Multi-Year Testing Full Scale Exercises Functional Exercises Orientation Tabletops Drills / Test Capabilities Planning / Training Discussion Based Operations Based Types of Tests 2

Defining Roles and responsibilities Position DR/BCP Coordinator / Information Security Officer ManagementTeam IT Manager/ Network Admin Participants(all employees, DR/BCP Team, Business Area Managers/SME) Roles and Responsibilities Coordinateschedule / Exercise facilitator Provide guidance and approval of Exercise Plan Coordinate IT Recovery Plans Plan and conduct IT Tests Support BCP Coordinator in Development and exercising Member of recovery team Familiar with Plan Know assignments Perform specific business duties Functional and Full Scale Tests IT Recovery -test restore of technology, (i.e. data, network) Going offsite to a backup location tests recovery site preparedness, communications and utilities Trained and informed personnel are typically performing recovery steps Transaction testing verifies restore, connectivity and access using a person that knows the business process Community resources may be involved What verifies the completeness of the Plan? 3

Why Tabletop Exercises? Provide a forum for the following: Team Building Validate the Plan Documentation Information Collection and Sharing Obtain consensus from team Evaluation of Differing Perspectives Why Tabletop Exercises? Provide a forum for the following: Problem solving of complex issues Test considerations for new situations, ideas, processes and/or procedures Training/Awareness for management and staff 4

Goals and Objectives What will success look like? (SMART) Simple (concise) Measurable (how to document) Achievable (can this be done during the exercise?) Realistic (and challenging) Task Oriented (fits to business functions) Scope: Exercise Activities Departments Involved Hazard Type of Threat Source Geographic or outage Impact Area Staff Impacted Facilities Impacted 5

Building a Scenario Choosing a Threat to Test Threat Risk Asmt Vulnerability Threat Assessment Start with simple basic scenarios basic Fire minimal damage Note: For example tornado incidents in the Midwest increased awareness of their threat risk. The state of Wisconsin provides ongoing tasks of planning, preparing, and training for Tornado preparedness. Building a Scenario As your DR/BC matures - make scenarios more complex Consider the unexpected Don t share the full scenario before the event Does the DR/BCP Team always know when a tabletop will occur? 6

Building a Scenario How quickly can you pull together key Business Team Members? How quickly can all key individuals be contacted and mobilized to the alternate location? Do you test the involvement of any outside parties? (i.e. law enforcement, safety, utilities, telephone, ISP Objectives of Exercise Tabletop Exercise Program Objectives To improve operational readiness by demonstrating knowledge of the DR/BCP Plan overall To improve bank-wide coordination and response capabilities for effective disaster response To identify communication pathways and problem areas between IT, outside entities (utilities, media) business areas, regional and state emergency operations centers To establish timely response for safety, recovery and restore to normal operation. 7

Tips for an Effective Tabletop Decide how much gloom and doom you want. "Do you want this to bea physical event with assets damaged and destroyed, Do you just want things inaccessible? Do you want death and injuries, or just to test the ability to get work up and going someplace else? How long will your downtime duration be? Conducting the Exercise Set the Ground Rules Silence Cell Phones Establish timelines Maximum 4 Hours - breaks, lunch etc.. Who leads the exercise? Consider issues that need to be tabled for later discussion 8

Conducting the Exercise Set the Ground Rules Accept the Scenario as Real Stay in the Scenario -stay in the mindset that the disaster is really occurring Who will take notes record issues / follow-up Consider taping the exercise on an audio recorder Exercise Evaluate - Update Planned Test scheduled in advance Attendance by all BCP Team required Team is aware of test scenario Document Team Member Attendance Confirm that all Team Members have their own up-to-date copy of the plan The BC coordinator confirms updates are in the plan. 9

Exercise Evaluate - Update Review policies and procedures Discuss business area changes since last updates? Confirm accuracy of phone numbers Verify Secure and accessible storage of plan (at home) Executive summary of the test and discussion results Resources NIST SP800-84 - Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities Homeland Security Exercise and Evaluation Program (HSEEP) hseep.dhs.gov CSOonline Business Continuity, www.csoonline.com FIPCO, www.fipco.com/itservices, kshaurette@fipco.com TIP Experience has shown that well planned and interesting exercises yield a high level of preparedness with personnel who are able to better cope with the stressful environment of an actual emergency. 10

Sample Tabletop Exercise Testing Fire in the Server Room (a/k/a Data Center) CLICK HERE 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information