Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
|
• A business continuity plan (BCP) contains strategy documents that provide
detailed procedures that ensure critical business functions are maintained and that help minimize losses of life, operations, and systems. |
• A BCP provides procedures for emergency responses, extended backup
operations, and post-disaster recovery. |
|
|
• A BCP should reach enterprisewide, with individual organizational units each
having their own detailed continuity and contingency plans. |
• A BCP needs to prioritize critical applications and provide a sequence for
efficient recovery. |
|
|
• A BCP requires senior executive management support for initiating the plan
and final approval. |
• BCPs can quickly become outdated due to personnel turnover,
reorganizations, and undocumented changes. |
|
|
• Executives may be held liable if proper BCPs are not developed and used.
|
• Threats can be natural, manmade, or technical.
|
|
|
• The steps of recovery planning include initiating the project; performing
business impact analyses; developing a recovery strategy; developing a recovery plan; and implementing, testing, and maintaining the plan. |
• The project initiation phase involves getting management support, developing
the scope of the plan, and securing funding and resources. |
|
|
• The business impact analysis is one of the most important first steps in
the planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted, and presented to management. |
• Executive commitment and support are the most critical elements in
developing the BCP. |
|
|
• A business case must be presented to gain executive support. This is done by
explaining regulatory and legal requirements, exposing vulnerabilities, and providing solutions. |
• Plans should be prepared by the people who will actually carry them out.
|
|
|
• The planning group should comprise representatives from all departments or
organizational units. |
• The BCP team should identify the individuals who will interact with external
entities such as the press, shareholders, customers, and civic officials. Response to the disaster should be done quickly and honestly, and should be consistent with any other employee response. |
|
|
• Disaster recovery and continuity planning should be brought into normal
business decision-making procedures. |
• The loss criteria for disasters include much more than direct dollar loss. They
may include added operational costs, loss in reputation and public confidence, loss of competitive advantage, violation of regulatory or legal requirements, loss in productivity, delayed income, interest costs, and loss in revenue. |
|
|
• A survey should be developed and given to the most knowledgeable people
within the company to obtain the most realistic information pertaining to a company’s risk and recovery procedures. |
• The plan’s scope can be determined by geographical, organizational, or
functional means. |
|
|
• Many things need to be understood pertaining to the working environment so
it can be replicated at an alternate site after a disaster. |
• Subscription services can supply hot, warm, or cold sites.
|
|
|
• A reciprocal agreement is one in which a company promises another company
it can move in and share space if it experiences a disaster and vice versa. Reciprocal agreements are very tricky to implement and are unenforceable. However, they are cheap and sometimes the only choice. |
• A hot site is fully configured with hardware, software, and environmental
needs. It can usually be up and running in a matter of hours. It is the most expensive option, but some companies cannot be out of business longer than a day without detrimental results. |
|
|
• A warm site does not have computers, but it does have some peripheral
devices such as disk drives, controllers, and tape drives. This option is less expensive than a hot site, but takes more effort and time to get operational. |
• A cold site is just a building with power, raised floors, and utilities. No devices
are available. This is the cheapest of the three options, but can take weeks to get up and operational. |
|
|
• When returning to the original site, the least critical organizational units
should go back first. |
• An important part of the disaster recovery and continuity plan is to
communicate its requirements and procedures to all employees. |
|
|
• Testing, drills, and exercises demonstrate the actual ability to recover and can
verify the compatibility of backup facilities. |
• Before tests are performed, there should be a clear indication of what is being
tested, how success will be determined, and how mistakes should be expected and dealt with. |
|
|
• A checklist test is one in which copies of the plan are handed out to each
functional area to ensure the plan properly deals with the area’s needs and vulnerabilities. |
• A structured walk-through test is one in which representatives from each
functional area or department get together and walk through the plan from beginning to end. |
|
|
• A simulation test is one in which a practice execution of the plan takes place.
A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site. |
• A parallel test is one in which some systems are actually run at the alternate site.
|
|
|
• A full-interruption test is one in which regular operations are stopped and
where processing is moved to the alternate site. |
• Remote journaling involves transmitting the journal or transaction log offsite
to a backup facility. |
