Wednesday, June 5, 2019
Business continuity and disaster recovery planning
pipeline continuity and catastrophe recovery supplying vexation continuity platform and contingency recovery curriculum is occupation to help transcription prep atomic number 18 for disruptive events and it is essential to consider the potential impact of hazard and understand the underlying chances. In this my research, I explore transaction continuity planning and contingency recovery planning and its importance in support of operation and establish to manage handiness of faultfinding cognitive operation in the event of interruption.IntroductionBusiness continuity planning (BCP) and misfortune recovery planning (DRP) is a vital role in the giving medication. These plans atomic number 18 basic to the well being of an makeup and anticipated to make sure stability in the face of unexpected or difficult situation. cooking for these conditions is not always directly ahead neither identifies appropriate cause of information, products, and services. These tasks are als o ch onlyenging and fortify of the plan itself. These plans has provision of information and pleader to identify the suitable tools and use in the right time.Organisation has created this plan itself and necessary to consider the possible impacts of casualty and recognize the fundamental risks and build BCP and DRP. interest these activities the plan itself must be constructed no sm in all task. This itself must then be go oned, tested and inspected to ensure that it remains appropriate to the needs of the organization. These plans are cipher to consider all these issues and find the software to assist with BIA and risk analysis along with link the tools to help to create, maintain, and audit the plan itself. (BCP, 2004)BCP and DRP are signifi give the gatet to the behave and sojourn operation of all type of fear. BCP involves developing a reaction strategy for organisation respond to tragedy. chance occurs through proponent failure, accident, natural, IT administrat ion Clash, insider attacks, hacking, terrorism etc. (Barney, 2010) BCP check how organisation go forth take to maintain its operations in emergency and identify potential disasters or emergencies, verify how intend to smear the risk of disaster occur, creating plan reaction, test BCP regularly. These strategies assume increase importance as organisation stimulate increasingly reliant on technology to do seam. As companies place more emphasis on IT and communications services to support their customer communications and transactions, or to help manage supply chains. They become less tolerant of information and service loss as a consequence of disasters. (4service, 2010)This research work deal with calling line continuity plan will keep business up and running through interruption of either kind of disaster and support of operations and establish to manage availability of critical process.1.1 Identify and critically explore business continuity and its importance in business env ironment, distinguish in the midst of business continuity (BC) and disaster recovery (DR) planning.Business ContinuityBusiness continuity planning identifies the exposure of organisation internal and external threats and creates information assets to provide useful sustainion and recovery for the organisation and maintain economical benefit and hold dear of trunk integrity and perform policies, procedures, processes, and plans to certify the continue usage in the organisation.Business continuity plan take to prevent to-do of essential services and restore function as rapidly and smoothly. Business continuity planning develops the business ability to respond to such disruption and resume operations in order to meet business portentous necessity.BCP Importance in business environmentBusiness continuity is a process build up to counter system failure. If IT system fails, its major impact on the whole business consequently organisation should take dynamic interest in start busine ss continuity plan for IT systems. A business continuity plan for your IT systems should include arrangements for providingFacilities and services to enable the business to continue to functionThe critical IT applications and infrastructure necessary to support the recovery of business processes. (Varney, 2010)It is important the BCP plan is clear and brief to certify to all user read it and build easy to all staff responsible for any part of it and it is start of ongoing commitment and also update the business continuity plan. (Varney, 2010)Distinguish between BCP and DRPBusiness Continuity PlanningDisaster Recovery PlanningBusiness Continuity is ProactiveDisaster Recovery is ReactiveBCP focus is to avoid or mitigate the impact of the riskDRP focus is to pick-up the part and re-establish the organisation to business following risk occursBCP has as its scope the entire organisation with critical polish being recovery of mission-critical/ middle business functions to make sure the endurance of the organisationDRP is normally limited in scope to set of classify IT system and infrastructure with goal being entire recovery of the system and infrastructure within a timeframe and minimum info lossBusiness functions to recover in BCP extend beyond IT systemDRP might exclude non-IT business units (Nickolett, 2001)BCP fill up the gap between the disruption occurrence and recovery going on.DRP shut up a breakdown, loss of the systems, people, and facilities. The disruption can impact any or all of these key business inputs.1.2 Evaluate and pardon close to business beat come in slip of paper scenarios for risk assessment, assess different types of organisational assets.Worst strip scenarios for risk assessmentThere are many worst cases scenarios for risk assessment some are as belowInformation data lost Disaster can damage the database and organisation loss confidential data such as staff, customer, vender flesh out and other sensitive informationInformation system failure There are many worst cases in information system failure such as overlooked, quality of purge planning, use of attention tools, object-oriented system development, use software engineering tools and system essential services can stop for time being etc. (Megaessays 2010)Information asset lost Due to the weak security measures Information assets can damage from natural disaster and internal activities in the organisationNatural Disaster Natural disaster are unexpected and it is impossible to fully recover the damage caused by the disaster but it is possible to minimise the potential risk by developing BCP/DRP. (Banger, 2010)Power failure Sometime disruption of power supply or power failure can stop work, services failure, breakdown etc. It can effect in the business.There is one real example of the worst case scenarios for risk assessment is Midmarket CIOs. This company is on the seventh floor of a building but one day in the next office gate the water filter c racked in the office kitchen and sending water flow on the floor and under the wall into facilities. Although critical servers remained dry, the flood destroyed equipment that was on the office floor, including 10 surge protectors, six uninterruptible power supplies, six power bricks and one PC. While things were drying out and a length of wallboard was replaced. CIOs apply DRP to ability for total different accident because floods, fires, power failures and pandemic flu can occur. CIOs take step back and start with risk assessment of all the risks business faces and using risk management tools to calculate worst case scenarios in IT and effect potential loss will have on the business. (Midmarket, 2009) antithetic types of organization assetsThere are following different types of organisation assets to protect in BCP and DRP areDesktop workstation, Laptops, Servers, Printers, Scanners, Firewalls, Routers, Switches, Memory devices etcLicences Software CDs such as windows, Antiviru s, MS Office, software tools and support, other operating system etcDatabase, websites, Photo Copiers, Fax Machines, Telephone System, Multifunction machines etcPaper file records akin asset register, paper files, data, books, government legislation, policies and procedures, customer data and sensitive data etcElectronic records such as emails, organisation shared drives and personal drives, DVDs, CDs, Memory sticks etcMaps, drawers, chairs, desks, cabinets, etcQualified staffs, Record management, etcMachines, Plants, building, fire extinguishers etc.1.3 Explain critically disaster recovery business case, list down and appraise required documentation for BCP and DRP.Disaster recovery business caseThe most critical separate of any IT plan explain the business case and assess of the potential risks to the organisation. There are eight following meet steps in Disaster Recovery Planning in business areStep-1 Project introduction Set the objectives of the DRP initiation, define the sc ope, develop, schedule and identify the risk to the projectStep-2 Assess of Disaster Recovery Assess of location, building composition, computing environment, physical plant security, installed security devices, access control system, software, personal, backup, and operating practicesStep-3 Business Impact Analysis for IT Analysis of all part of business units to support by the IT areas should assume to identify the system and its functions to continuation of the business and the time limitStep-4 Define of requirements All requirements must be defined and detailedStep-5 Plan the project project planning will define the project to be executed and its objectives will develop the DRPStep-6 Execute the project Project must proceed to practices of project management and identify the methods of mitigating the risk will executeStep-7 BCP combination DRP needs to combine back in to the organisations business continuity effortsStep-8 ongoing maintenance and combination Ongoing mainte nance and testing efforts require keeping the plan up to date and processes to identify and mitigate forthcoming risks.Required Documentation for BCP and DRPThere are following necessary document for Business Continuity Plan and Disaster Recovery Plan in the organisation to make a best pan for long run business as followsOrganisation Chart explain names and designationIf existing BRP and DRP and their terms explain in the documentationsScope of BCP and DRP, Procedures and control documentsThe report of Business impact analysis and risk assessment reportStaff, list of vendors, list of emergency services, advisor contact details expound of IT system and communication system specification include maintenance agreementsExisting evacuation procedure, Health safety procedures, fire regulations, operations and administrative proceduresDetails organisation asset, information assets, and IT recordsRelevant organisation regulations, guidelines and insurance information.Details any other doc uments for the support of BCP and DRP. (Yourwindow,2010)1.4 Demonstrate and explore pragmatic approach towards project planning and initiation, describe how to evaluate risk and control in terms of BCP/DRP.Pragmatic approach towards project planning and initiationA pragmatic approach towards project planning needs to be comprehensive and cover all relevant aspects and factors in BCP and DRP. There are some BCP and DRP following steps as followsBusiness continuity planStep-1 Identify strategy objective through performing needs and create outline for strategy performanceStep-2 Establish the business value and identify recovery objectives through data risk and recovery time outlineStep-3 Technology will equivalent for data protection along with backup, disaster recovery etcStep-4 Identify infrastructure and organisational planStep-5 Implement technologies and inform key personnel as to which business processes are impactedStep-6 Test the documented plan continuouslyStep-7 Calculate and authenticate test results comparative to the plans objectivesStep-8 Implement required development and priority as a result of continue testing and evaluationStep-9 continue review and enhance the BRP to replicate organisation change and added new technologiesStep-10 Ensure the entire process continuously. (Miller, 2007)Disaster Recovery PlanThere are following steps to DRP involvesOutline DRP team with senior executives from IT department with specific responsibilitiesPerform Business impact analysis and Risk analysis for business assets, threats and impacts the risk can tolerate need to be determined gird recovery strategies IT security measures like backup etcImplementation, testing and training the employee must be dexterous in the disaster recovery procedures and testing capabilitiesNeed to carry out periodic audit, review and drills of BCP and DRPTypes of disaster which need to be addressedThe essential business processes and activities which are needy on ITThe data and a pplication software needs to be recovered and restored in case of disaster and IT services need to continue function of the eventThe IT infrastructure need to host the data and application softwareDRP arrange strategies and implementation such as backup and protection installingChallenges and emerging threats.(Periasamy, 2007)Bottom of FormEvaluate risk and control in terms of BCP/DRPEvaluate the risk is vital activity in the organisation. There are major threats against business continuity plan and disaster recovery plan areRisk or threatsNatural disaster Fire, flood, earthquake, volcanic eruption, tornadoes, cyclone, heat waving water disaster etcInformation system threats software failure, loss of information and data, system failure, cyber crime, multiple machine failure, capacity overload, interlock failure, etcPlanned activities war, terrorist attacks, hacking, breach the network and database, data theft, unauthorised modification of content, phishing etcLack of utilities power failure, electricity fail, air conditioning failure etcOther vital threats Internal violence and dispute, legislative violation, prod strike, other strike, etc.ControlsClassify the risk (High, medium, low) it will be easy to describe the riskControl must be according to the risk like backup system, data, building etcProper monitoring the risks and threatsRisk must be clear and explainRisk evaluations identify the threats which help to control it.1.5 Critically explain business impact analysis (BIA) activity and describe how to execute it, assess emergency response and operations during period of IT disruption.Business impact analysis activityBusiness impact analysis is an important part of any organisation business continuance plan.BIA is a logical process to identify business substantial systems and activity as sign to any business continuity, disaster recovery, or emergency planning effort and reveal vulnerabilities and planning component to develop strategies for minimi zing risk. angiotensin converting enzyme or more risk identifies causes of the loss of the application, systems, tools or other resource upon that activity is dependent. BIA identifies cost related to failures and it report measure the importance of business components and suggest suitable fund allocation for measures to protect them. (Miller, 2010)How to execute BIABusiness impact analysis execute following guideline to allow organisation are as followsEffectively identify the proper organisational impact of any unexpected disruption of essential information processing systems such as fire, earthquake, theft etcIdentify threats sources and significant vulnerabilities which can lead to unexpected outages / service disruptionExecute suitable protect to reduce the likelihood and consequences should identify threats happenIncrease cost utile and suitable contingency plans and important component disaster recovery / business continuity planning.Emergency response and operations durin g the period of IT disruptionIn case of IT disruption or failure, every organisation has quick emergency response plan to stop and control any damages. Emergency response facility is available in every organisation and DRP team identify the threats of failures. Some of the major elements of emergency response plan as belowEmergency response plan and procedureCommand, control and emergency operations centreEmergency reporting procedure, employee evacuation plans, health and safety, security plansIdentify the disaster in ITPersonnel protection, incident control, effect assessment, choose maximum action etcEmergency response components such as incident preparation, emergency action, facility stabilization, damage mitigation, and testing procedures etc. (Hui, Z,2010)supra elements help to stop the disaster and resume as soon as possible in every organisation.1.6 Explore and appraising different developing and implementing business continuity strategies used by most organisations.Develop ing and implementing business continuity strategiesThe business continuity strategies have five key stages in developing and implementing used by organisation as followsUnderstand the businessProject initiation and create a management structure to build up and carry out the planIdentify the risk and perform risk evaluation and controlEstablish your business impact analysis process and identify the impact of any failures.Business continuity managementDevelop business continuity strategy and identify the areas and focus on the critical operating requirement of the businessDevelop a process level and documented structure stating how significant process will be restarted subsequent failures.Business continuity responseEstablish a crisis management process to respond to incidentsFocus on overall business continuity strategyPut in place business unit plans for every department.Develop business continuity management cultureAwareness and training plansReview the effectiveness of awareness t raining plans.Exercising, maintenance and auditTest the business continuity plans and technical aspectsMaintain the plan and ensure that the documentation remains accurate and reflects any changes inside or outside the businessRegularly audit plans. (Business link,2010)ConclusionI conclude that Business continuity plan and Disaster recovery plan play vital role in every organisation and BCP is ideal strategy to safe business away from a complete disaster because every organisation faces different type of risk and potential disaster and it is an essential tool to allow minimizing the risk and also continuously helps to stop IT disruption and services. BCP involve IT as the main component because every business relies on computer system and its existence can be equalised to the business itself.RecommendationBCP should recognize organisational structure including incident and risk assessment cover all business activities and document strategy for recovery of the organisation all main a reas of the business process and DRP team should deal with disaster recovery phases to complete and minimize the disaster as soon as possible. I recommend following key points related to BCP and DRP plan to become a successful plan in the organisation as belowEmployee training timelyPerform schedule test and evaluation of test resultImplement of test plan updatesConduct crisis management exercisesPerform business impact analysis timelyTop management support every time
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment