preparation is essential to protect national interests when necessary. Similarly, the
organization may prepare and maintain BCP for years without actually needing it;
however, such preparation may be essential to organizational survival. A
comprehensive examination of BC includes:
- Determine compliance requirements.
- Focus on risk management in business terms.
  - Business operations impact
  - Key people as facilitators of operations
  - Technology as a support structure for key people and operations
  Note that technology is important, hence it is on the list, but it is not
  first because it is not the driving factor.
- Devise a business continuity plan that includes:
  - Prevention
  - High availability
  - Response
  - Resumption
  - Recovery
  - Restoration
8.14.1 Compliance Requirements
Compliance requirements for business continuity and variations (i.e., continuity
of operations planning [COOP] and contingency planning [CP]) exist throughout
government and the commercial environment. The Department of Homeland
Security (DHS) IT Security Handbook for Sensitive Systems (MD4300A) includes
DHS continuity policy, and roles and responsibilities. DoD Instruction 8500.2:
Information Assurance Implementation contains 24 controls under continuity. A
major goal of NIST FIPS 191: Guideline for the Analysis of Local Area Network
Security is to ensure LANs have appropriate contingency plans or disaster recovery
plans to provide continuity of operation.
8.14.2 Policy
BC policy reflects how the organization manages and controls risk. State the BC
policy in quantifiable business terms; sample statements include:
- A business impact assessment (BIA) identifies key business functions, key
  being:
  - Contribution to the top 80 percent of recurring revenue stream
  - The loss of which will cause imminent and future loss of revenue