Information Technology Reference
In-Depth Information
business function and a disaster is merely one of clock time. After X [minutes |
hours | days] an annoying interruption to a key revenue stream becomes a threat
to survivability.
8.14.4
Best Practices
ISO 27002 provides for business continuity management and addresses BC issues,
including BC management process, impact analysis, writing and implementing
continuity plans, BC planning framework, and testing, maintaining, and reassess-
ing BC plans. Table 8.4 provides a view of BC best practices.
8.14.5
COOP: Determining Priorities
Those users that carry out the organizational mission include those who gener-
ate the revenue, perform the service, produce the widget, fly the airplane, and
install the equipment. All other aspects of the organization
support
the execution
of the core mission in one manner or another. Support roles include accounting,
human resources, information technology, and information assurance. To be in a
support role is not less, more, worse, or greater than being in a role that directly
fulfills the mission; it is just different. One framework that must consider the
distinction between mission and mission support is the continuity of operations
plan (COOP) framework:
n
n
n
n
n
n
Key business functions (mission functions)
Key personnel
Key infrastructure
Support functions
Support personnel
Support infrastructure
Organizational survivability is like organism survivability, e.g., a human. A
person can survive without an arm or a leg; however, a human cannot survive
without a head. All extremities are important; some are critical to survival and
some are not. Likewise for an organization, where all aspects are important, but
some are critical to survival. For example, a human resources (HR) database
is important, but not imminently critical to the survival of the organization,
where people, technology, and activities that directly satisfy customer demand
(i.e., fulfill the mission) are critical to survival. For purposes of continuity and
disaster recovery, mission critical takes priority. The COOP framework assists in
identifying these priorities.
The COOP framework provides guidance to defining a business continuity/
disaster recovery (BC/DR) plan where continued operations or recovery of key
