25 Cards in this Set

  • Front
  • Back
Business continuity plan
A BCP is designed to mitigate the impact of a disaster by ensuring that critical business operations continue. It outlines methods and procedures for keeping critical applications, data, and services available during a disaster. For example, it may include running systems in a different mode and in a different environment until normal conditions are restored.
Disaster recovery plan
A DRP outlines how to restore the normal operational state of an enterprise within the minimum possible time, including the required process, personnel, and resources. It focuses on the recovery of IT systems, rather than on business operations or activities.
project initiation
Phase in the development of the BCP:
gaining support from senior management
defining the project scope
defining a timeline for the project, and
developing a company policy for implementing the plan
Emergency notification list
Created in the first month. This is called a _____________
Backup vital records
Done in first six months of BCP.
Business Impact Analysis
identifies the essential functions of the business and the capacity of departments or units in the organization to manage and recover from a disaster. The sequence and priorities of the essential functions are assessed and resources needed for recovery are identified.
6 months
A BIA should be created within ___
develop strategy
Done in 6-9 months of BCP
select an appropriate alternative site
Done in 9-12 months of BCP
develop contingency plan
Done at end of first 12 months of BCP
tested, maintained, and audited
You need to put in place a plan to ensure that the BCP is regularly ________ (3 things)
NFPA 1600
In the USA, Title IX of the Implementing the 9/11 Commission Recommendations Act of 2007 recommends that organizations assess their ability to recover from disasters by comparing their BCPs and DRPs to a standard. What standard did the act recommend?
NFPA 1600
defines several professional practice areas, each with guidelines that form a basis for business continuity and disaster recovery planning.
Federal Financial Institutions Examination Council
Issued a booklet on business continuity planning that specifies that a financial institution's BCP should focus on resuming and maintaining business operations, rather than just on recovering technology, and that the planning process should occur across the enterprise. It states that the foundation of a good BCP includes a thorough business impact analysis – or BIA – and risk assessment, and that the BCP should be tested and audited independently.
NASD Rule 3510
requires members of the Securities and Exchange Commission – or SEC – to create and maintain BCPs that meet specific requirements. For example, a member's BCP must enable the continued operation of mission-critical systems and assure customers' prompt access to their funds and securities. It must identify alternative methods for communication between customers, employees, and the organization that can be implemented in the event of a disaster.
NYSE Rule 446
requires that members of the Securities and Exchange Commission – or SEC – have written BCPs and conduct yearly reviews of these plans
prioritize systems in terms of their criticality
1st goal in BIA
estimate maximum acceptable downtimes
2nd goal in BIA
determine resource requirements
3rd goal in BIA
recovery time objective
The relative importance of recovering each application depends on whether it supports a business-critical function and on the maximum amount of time the business can operate without that application. This is also known as the _______ for an application.
emergency response team
The following are responsibilities of what/whom?
retrieval of backups
Team members are responsible for retrieving required records and information from the organization's off-site storage facility.
procedure execution
Team members execute the planned business continuity or recovery procedures that are assigned to them, based on the predetermined priority of each task.
Examples of tasks include traveling to alternative sites of operations, assigning team members to shifts, and re-establishing support functions that have been disrupted.
communication, and
Team members must establish communications with staff at an alternative site and keep command centers up to date with the recovery status. This includes informing the emergency management team of any major or urgent issues for which management support is required.
assisting in primary site restoration
Team members support the work being done to restore normal operations at the primary site. This includes making lists of the software, hardware, and other equipment that must be replaced at the primary site.
company executives
lead the organization through an emergency and hold the overall responsibility for its recovery. They're responsible for anticipating, rather than just reacting to, problems and for long-term – rather than just immediate – recovery. They have a broad focus and prioritize the organization's strategy and principles, rather than following established processes.
emergency response team
handles the tactical response to an event. It initially assesses the damage caused by an event, declares the event a disaster if necessary, and sets emergency plans in motion. It then administers and manages the day-to-day activities of the recovery.
primary site restoration team
responsible for preparing the original site to resume normal business operations. It's also responsible for helping the organization transition back into normal operations at this site.
Usually this team includes facilities and technology staff, potentially with support from legal staff and insurance agents.
primary site restoration team
The following are responsibilities of what/whom?
contacting the organization's lawyer or legal team
contacting the organization's insurance agent, if relevant
taking pictures of any damaged areas as soon as possible, before items are removed, repaired, or replaced
acquiring, building, or renovating the site to physically prepare it for resumption of normal operations
recovering lost or damaged information and records, and
replacing or repairing damaged technology components, such as computer hardware and network infrastructure