STRUCTURED EXTERNAL ASSIGNMENT


Chapter 7

Mitigation and Business Continuity Strategy

Introduction

High level strategy of alternate data processing and alternate workspace

Each team may have different strategies or ones that support the higher level

Strategies are directly tied to the Business Impact Analysis and the Risk Assessment

Mitigation applies to strategies to protect the organization from risk

Mitigation is sustained action that reduces or eliminates long-term risk

NFPA requires mitigation when a hazard cannot be prevented

Mitigation

Emergency management, like PDCA, is not a linear process

Post disaster is opportune time to build mitigation

Mitigation eliminates or reduces impact

Mitigation allows for rapid response and recovery

Mitigation is cost-effective

The characteristics of hazards must be completely understood to effectively mitigate their effects and avoid surprises

Mitigation

Mitigation should follow the Hierarchy of Controls (ANSI Z-10)

Elimination

Substitution

Engineering Controls

Administrative Controls

Personal Protective Equipment (PPE)

Mitigation

Other forms of mitigation include:

Service Level Agreements

Redundancies and Divergence

Separation of Hazards

Mitigation must be:

Cost-effective

Can be a “big ticket item”

May need to be spread among numerous budget cycles

Have alternate plans ready

Technically feasible

Not create additional hazards

Funding Strategies

Business Continuity Strategy

Core around which the Business Continuity Management System is built

Most effective when developed by process owners

Strategies must:

Be cost effective

Technically feasible

Consider the output of the Business Impact Analysis and Risk Assessment

Aligned with the RTO, RPO, MAO

Business Continuity Strategy

Adhere to any assumptions in the plan

Minimize any changes to routine

Not establish unfamiliar organizational structures

Not require extensive training post disaster

Vital Records

Primary cause for failure to recover after disaster

Loss of Accounts Receivables

Records Management System

Business Continuity Strategy

Strategies for:

Accounting, Finance, Payroll

Business Continuity Cost Account

Customer Service, Technical Support

Facilities

Human Resources

Accounting for Personnel

Housing and feeding

Pandemic Influenza

Business Continuity Strategy

Strategies for:

Information Technology

Insurance and Risk Management

Legal

Regulatory compliance

Manufacturing

Public Relations

Brand and Reputation

External Communications

Business Continuity Strategy

Strategies for:

Purchasing / Procurement

Supply Chain requirements

Sales and Marketing

External Communications

Telecommunications

Business Continuity Strategy

Strategies can result directly from the Business Impact Analysis questions

Alternate location

Forward mail and deliveries

Publish locations

Relocate to undamaged portions of building

Hotels and convention centers

Bring home laptop systems

Communicate

Review

Mitigation is action taken to eliminate or reduce the impact of hazards

A mitigation plan is required by the standards

Identify and understand the effects of hazards

Hierarchy of Controls

Continuity Strategies based on BIA and Risk Assessment

Primary and team strategies

Must be cost-effective and align with RTO