STRUCTURED EXTERNAL ASSIGNMENT

Chapter 8

Business Continuity Plans and Procedures

Introduction

Emphasis now on building Business Continuity Management System, not plan

Plan still important

Plan lists procedures and resources for team to implement strategies

Standards do not draw solid distinctions between Emergency Response and Business Continuity Plans

Basic Plan and Team Plans

Multi-hazard Functional Planning

All-hazards emergency operational planning

Fundamental Attributes of the Plan

Consistent throughout the organization

Standards require duplication of certain information in all plans

Follows document control procedures of organization and standards

Exist in redundant formats

Organized in a logical sequence

Simple and easy to follow

Fundamental Attributes of the Plan

Complete but not overly detailed

Assign roles, responsibilities, lines of authority

Include a glossary

No acronyms

Flexible to respond to unforeseen issues

State assumptions

Fundamental Attributes of the Plan

Detail modes of communication

Concentrate less on technical and more on informational

List resources and tasks necessary for continuity operations

Implementation procedures

Easy to maintain

Plan Organization and Structure

Basic plan contains information of interest to all continuity team members

Basic Plan should contain the following sections:

Table of contents

Statement of Policy

Purpose

Scope

Objectives

SMART objectives

Plan Organization and Structure

Assumptions

Damage Assessment

Invocation (Activation) Criteria, Procedures and Authority

Triggers and invocation criteria

Escalated approach

Stand down procedures

Plan Organization and Structure

Order of Succession and Delegation of Authority

Required by some of the standards

Plan Organization and Structure

Continuity Organizational Structure

Team Leader and EOC liaison

Plan Organization and Structure

Communication of Information

Receipt of external communication

External situational information

Communication to external parties

Survivability of warning systems

Interoperability of communication systems

Redundancy of communication systems

Internal communication with employees

Plan Organization and Structure

Operational communications

Emergency Telephone Numbers

Emergency Operations Center

Alternate Locations and Space Allocations

High level

Team Specific

Transition to new or refurbished facility

Plan Organization and Structure

Recovery Priorities or Recovery Time Objectives (RTOs)

Internal and External Dependencies

Documentation of Expense and Activities

Additional Information

Plan Distribution

Confidentiality

Plan Organization and Structure

Orientation and Training

Exercising and Testing

Plan Maintenance

Confidentiality

Appendix

Team Plans

Various forms

Executable documents

Common executable instructions

Teams generally aligned with functional departments

IT sub-teams

Team Leader and responsibilities

Ensures team task instructions are carried out

Financial

Team Plans

May prepare end of day status report

Point of communication with EOC, other Team Leaders

Qualities of Team Leader

Team Plans introductory contents:

Stand alone (blended with Basic Plan) or appended to Basic Plan

Contain brief overview of critical functions

Optional outline of strategies

Team Plans

Activation criteria if different from the Basic Plan

Alternate workspace location

Team Member Call List

Essential vs. non-essential personnel

Helps determine welfare of individuals

Contact methods

Team Plans

Team Task Instructions

Procedures to implement strategies

Arranged in sequential order as much as possible

Minimize the need for decision making

Should closely match normal duties

Team Leader can have separate list

ICS

Incident Action Plans

Team Plans

Stand down procedures

Internal / External Contact List

Critical vendors and internal contact numbers

Redundant numbers

Critical Resource Lists

Forms and Supplies

Equipment needs

Software List

Vital Records

Appendix

Team Plans

Management / Crisis Management Team

Confusing distinctions within the standards

Crisis Management applies to reputation

Management Team

Directs Continuity / Recovery

Strategic decisions

EOC staff may take on a number of responsibilities to manage the incident

CEO, COO often team leader

Generally collocates with EOC

Scripted tasks must be approved ahead of time

Team Plans

Emergency Operations Center

Focal point for situational information and analysis

Tactical decisions

Resource allocation

Management Team meets to direct operations

Structure and complexity anticipated ahead of time

Can structure according to ICS

Team Plans

Secure, central location

Virtual EOC

EOC equipment and support

Informational inputs

Communications

Status boards

Utilities

Networks

Hours and human factors

Planning Responsibilities

Basic Plan

Team Plans

Management Plan

EOC

Emergency Plans (EPIP review)

Review

Plans document procedures necessary to manage continuity objectives

Basic Plan and Team Plans

Team Plans executable documents

Allow for midcourse adjustments

Must explain:

Lines of authority

Damage assessment

Invocation

Communication

Management Team oversees entire incident

EOC coordinates response and recovery of incident
