Incident Response Plan

Business Continuity Policy

BCP begins with the development of the BC policy, which reflects the organization’s philosophy on the conduct of BC operations and serves as the guiding document for the development of BCP. (BC policy: the policy document that guides the development and implementation of BC plans and the formulation and performance of BC teams.) The BC team leader might receive the BC policy from the CP team or might guide the BC team in developing one. The BC policy contains the following key sections:

  • Purpose—The purpose of the BC program is to provide the necessary planning and coordination to help relocate critical business functions should a disaster prohibit continued operations at the primary site.

  • Scope—This section identifies the organizational units and groups of employees to which the policy applies. This is especially useful in organizations that are geographically dispersed or that are creating different policies for different organizational units.

  • Roles and Responsibilities—This section identifies the roles and responsibilities of key players in the BC operation, from executive management down to individual employees. In some cases, sections may be duplicated from the organization’s overall CP policy. In smaller organizations, this redundancy can be eliminated because many of the functions are performed by the same group of individuals.

  • Resource Requirements—Organizations can allocate specific resources to the development of BC plans. Although this may include directives for individuals, it can be separated from the roles and responsibilities section for emphasis and clarity.

  • Training Requirements—This section specifies the training requirements for the various employee groups.

  • Exercise and Testing Schedules—This section stipulates the frequency of BC plan testing and can include both the type of exercise or testing and the individuals involved.

  • Plan Maintenance Schedule—This section specifies the procedures and frequency of BC plan reviews and identifies the personnel who will be involved in the review. It is not necessary for the entire BC team to be involved; the review can be combined with a periodic test of the BC (as in a talk-through) as long as the resulting discussion includes areas for improvement of the plan.

  • Special Considerations—In extreme situations, the DR and BC plans overlap, as described earlier. Thus, this section provides an overview of the information storage and retrieval plans of the organization. While the specifics do not have to be elaborated in this document, at a minimum the plan should identify where more detailed documentation is kept, which individuals are responsible, and any other information needed to implement the strategy.

You may have noticed that this structure is virtually identical to that of the disaster recovery policy and plans. The processes are generally the same, with minor differences in implementation.

The identification of critical business functions and the resources to support them is the cornerstone of the BC plan. When a disaster strikes, these functions are the first to be reestablished at the alternate site. The CP team needs to appoint a group of individuals to evaluate and compare the various alternatives and to recommend which strategy should be selected and implemented. The strategy selected usually involves an off-site facility, which should be inspected, configured, secured, and tested on a periodic basis. The selection should be reviewed periodically to determine whether a better alternative has emerged or whether the organization needs a different solution.

Many organizations with operations in New York City had their BC efforts (or lack thereof) tested critically on September 11, 2001. Similarly, organizations on the U.S. Gulf Coast had their BC plan effectiveness tested during the aftermath of Hurricane Katrina in 2005.
