list what it would take for each to resume adequate operations
Business Continuity Transcript
[MUSIC PLAYING]
You are working at your desk when your boss, CIO Maria Sosa, stops by. Maria says, did you hear that we won the contract to provide cloud-based computer services for Enrocca? This is a high-profile contract and working with this federal client is a big win for us.
You respond, that’s great news. I know that the compliance requirements for working with a federal agency are pretty substantial and include a thorough business continuity plan. We’ll need to meet or exceed the federal standards for compliance, so we should start the process of updating our BCP soon.
Maria nods and replies, good point. Remember when the Poser Soft servers were damaged by that flood last year? That caused them to be late on their deliverables to Enrocca. We definitely don’t want something like that to happen to us.
As Maria is speaking, you remember that a friend of yours was laid off when Poser Soft lost the Enrocca contract because of that very incident. You assure Maria that you’ll get started on the new BCP this week.This section is to facilitate continued progress to the ultimate goal of enterprise risk management. A primary element or baseline of this process is the business continuity plan (BCP). With the previous projects of identifying vulnerabilities and assessing the risk of the various cyberattacks that can occur, the next level of preparation is to create a plan to continue operations should a worst-case scenario event take place.
In the following exercises, the earlier results are the basis for planning this investigation. The vulnerability assessment in Project 1 helped determine where to look in the creation of the risk assessment in Project 2. The steps of this project will help document what to do to “put it all back together,” in an orderly, prioritized method following a documented plan. That plan is the BCP.
The BCP assignment will detail the following elements:
resources required and defined stakeholder roles
business impact analysis
recommended preventative controls
recovery strategies
contingency plan that includes implementation and maintenance guidelines and defined procedures for testing the plan
Grades are determined on the ability to clearly articulate a developed, effective business continuity plan that considers relevant environmental factors and aligns with organizational objectives.
This is the third of four sequential projects. There are 13 steps in this project. Begin below to review your project scenario.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
1.4: Tailor communications to the audience.
2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
9.1: Develop, implement, and maintain a business continuity plan, ensuring alignment with organizational goals and objectives.
The process of business continuity planning addresses the preservation and recovery of business in the event of outages to normal business operations. The output of the process is the business continuity plan, an approved set of documented arrangements and procedures that enables an organization to facilitate the recovery of business operations, minimize losses, and replace or repair incurred damages as quickly as possible (Ouyang, n.d.).
According to the National Institute of Standards and Technology’s Special Publication 800-34, Contingency Planning Guide for IT Systems, business continuity planning is an ongoing task, the goals of which are to (Ouyang, n.d.)
sustain operations
recover and resume operations
protect assets
Goals of the BCP Cycle
sustain — Recover and resume — Protect —– sustain.
In the case of your particular organization, the company has an existing business continuity plan, so the first task may be to review the company plan. However, in your organization, as with many others, the business continuity plan (BCP) was written, put on the shelf, and rarely, if ever, referenced unless an emergency requires implementation of the plan.
Knowing this, assume the project is starting from scratch, so take some time to the business continuity planning process, if needed.
The next step will involve planning for the BCP, including establishing a need and defining a scope.
Reference
Ouyang, A. (n.d.). CISSP common body of knowledge: Business continuity & disaster recovery planning domain. Retrieved from http://opensecuritytraining.info/CISSP-9-BCDRP_files/9-BCP+DRP.pdf
Step 2: Define the Scope
In the first step, you reviewed BCP methodologies. You are now ready to continue the first part of the planning process, which involves establishing the clear need for a BCP and defining an appropriate scope for the company outlined in the scenario.
The BCP should address aspects of business continuity, business recovery, contingency planning, disaster recovery, and related activities. Focus on those elements of a plan that are adequate and expedient, based on your risk assessment for the enterprise.
Note that governmental agencies are required to develop an enterprise continuity of operations program (COOP). A COOP is a detailed framework that documents how the agency will ensure that essential functions continue through an emergency situation until normal operations can resume. Outside of federal, state, and local government, enterprises call this framework a business continuity plan (BCP).
Both COOPs and BCPs are created to help the organization recover from a disaster.
Consider what aspects of business continuity the BCP will address, such as business recovery, contingency planning, disaster recovery. Submit a brief description for feedback (one page or less) of the topic areas to be covered in the BCP. In the next step, you will use a risk management framework to put together a business impact analysis.
Step 3: Conduct a Business Impact Analysis
You’ve defined the scope for the BCP. Next, use an established risk management framework to conduct a business impact analysis (BIA).
The BIA provides written documentation to assist Maria and the other executives in understanding the business impact should an outage occur. Such impacts may be financial, in terms of lost revenues and additional expenses; operational, in terms of inability to deliver products and services; or even intangible, in terms of damage to the organization’s reputation and loss of public confidence.
This analysis should include all departments and facilities of the enterprise, list what it would take for each to resume adequate operations to meet the needs of the enterprise, and must include each phase of the recovery activities.
Remember, a key element to “business impact” is the financial aspect. What will it “cost” to take a particular action and, equally important, what could be the “cost” of inaction?
Just as in the Risk Assessment of Project 2, prioritization is a key to the successful recovery of operations. The sequence of activities is an essential element in your contingency planning. Refer to the Risk Assessment report delivered in Project 2 to get started.
Use the business impact analysis template business impact analysis template to upload the BIA here for feedback. In the next step, you will take a look at needed resources and who will be responsible for meeting those needs.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
