Business Continuity Plan and Disaster Recovery plan

1. Business Continuity Plan and Disaster Recovery plan Abdulrahim Al-Abri

2. outline • Definitions • BCP Phases • Project Management and intonation • Conduct Business Impact Analysis • Recovery Strategies • Plan Design and Development • Testing, maintenance, awareness and training

3. definitions • Business Continuity: can refer to managed strategy considering plans, procedures and technical controls that make recovery of IT systems, business operations, and data possible after a disruption. • Recovery for: • IT operations in alternative site. • IT operations using alternative hardware/software • BC standards: ISO27002, ITIL, (ISC)2 , BS25999, ISO/PAS 22399

4. BCP Phases • Project Management and intonation • Conduct Business Impact Analysis • Recovery Strategies • Plan Design and Development • Testing, maintenance, awareness and training

5. Project Management and intonation • Developing and approval of BCP policy • Define BCP committee: operational units representatives, senior management, IT security, IT specialized experts, and optionally support units like (technical affairs) • Define BCP project scope and objectives • Provide the necessary project funds and recourses

6. Business Impact Analysis • Collect data through interviews, survey, documenting business functions, transactions. activities, • Develop hierarchy of business functions and apply a classification scheme to indicate each individual function’s criticality level. • Identify the resources that these functions depend upon • Calculate Maximum Tolerable Time (MTD) for these functions • Identify vulnerabilities and threats to these functions

7. Business Impact Analysis cont. • Calculate risk for each different business function • Document findings and report them to management

8. Recovery strategies • Business process recovery • Facility recovery

9. Recovery strategies cont • Supply and technology recovery • Network and computer equipment • Voice and data communications resources • Human resources • Transportation of equipment and personnel • Environment issues (HVAC) • Data and personnel security issues • Supplies (paper, forms, cabling, and so on) • Documentation • Data recovery • Restoring Backed-up data

10. Plan Design and Development • All finding and decisions should be developed and documented. • Submission of document for approval • Also, this phase define the execution procedure for the plan.

11. Testing, maintenance, awareness and training • This step to test that your decisions are suitable and correct. • Type of tests: • Checklist Test • Structured Walk-Through Test • Simulation Test • Parallel Test • Full-Interruption Test

12. Testing, maintenance, awareness and training cont. • Maintaining the plan: • Make business continuity a part of every business decision. • Insert the maintenance responsibilities into job descriptions. • Perform internal audits that include disaster recovery and continuity • documentation and procedures to update the plan. • Integrate the BCP into the change management process • Training and awareness program should be included in the BCP planning process.

13. questions