question

1. Write a brief summary of the information you found in the articles and websites. In your summary, describe what a BCP is and list the steps for developing a BCP.  Also, describe what a BIA is, how you conduct a BIA, and how the BIA is related to the BCP.

  http://www.ready.gov/business/implementation/continuity and read the “Business Continuity Plan” article.

http://www.ready.gov/business-impact-analysis  and read the “Business Impact Analysis” article.

2. Review the following sample BIA template:

Business Function or Process	Business Impact Factor	IT Systems/Apps Infrastructure Impacts	RTO/RPO
Internal and external voice communications with customers in real-time
Internal and external e-mail communications with customers via store and forward messaging
Domain Name System (DNS) server for internal and external Internet Protocol (IP) communications
Internet connectivity for e-mail and store-and-forward customer service
Self-service web site for customer access to information and personal account information
e-Commerce site for online customer purchases or scheduling 24x7x365
Payroll and human resources for employees
Real-time customer service via web site, e-mail, or telephone requires customer relationship management (CRM)
Network management and technical support
Marketing and events
Sales orders or customer/student registration
Remote branch office sales order entry to headquarters
Voice and e-mail communications to remote branches
Accounting and finance support: Accounts payable, Accounts receivable, etc.

3. For each business function or process described above, assign a business impact factor of Critical, Major, Minor, or None.

4. For each business function or process described above, identify the IT systems and applications impacted by the business function (for example, determine what would be affected if the function or process failed).

5. For each Business Function or Process, use the table above to assign an RTO/RPO according to the corresponding business impact factor.

Critical	RTO: 8 hours	RPO: 0 hours
Major	RTO: 24 hours	RPO: 8 hours
Minor	RTO: 1 week	RPO: 3 days
None	RTO: 1 month	RPO: 7 days

6. Create a business continuity plan policy for the fictional Bankwise Credit Union. In the plan, reference the RTO and RPO standards in the policy’s Standards section:

Bankwise Credit Union

Business Continuity Plan Policy

Policy Statement Insert policy verbiage here.

Purpose/Objectives Define the policy’s purpose and objectives. They should mirror the purpose/objectives of a business impact analysis (BIA).

Scope Define this policy’s scope and whom it covers.

Standards Does this policy point to any hardware, software, or configuration standards? In this case, you need to reference the recovery time objectives (RTOs) and recovery point objectives (RPOs) as standards and metrics. List them here and explain the relationship of this policy to these standards.

 

Procedures Explain how you intend to implement this policy across the entire organization.

 

Guidelines Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.

7. Use the internet to find further information on the differences between policies and plans in information security in general. Use this information to create a high-level explanation for C-level executives. Provide examples of real business continuity policies and how they could be useful in your organization.