Information System Contingency Plan

Amazing Essays
(see Figure 4). Furthermore, organizations should contemplate contingency strategies to provide the replacement of equipment, cost considerations, and the roles and responsibilities.
Figure 4. Sample Alternate Site Criteria (Swanson et al., 2010) Develop an information system contingency plan. The information system contingency plan comprises the methods that an organization should adhere to during a disruption of its information systems. This document should be specific to the organization and should reference the BIA performed for the organization. According to Lennon (2002), this plan should comprise the subsequent five sections encompassing the supporting information component, notification/activation phase, recovery phase, reconstitution
…show more content…
During this phase of the planning process, the organization should test its plan to ensure that it is effective, instruct its personnel to ensure they recognize and understand their roles and responsibilities, and identify gaps in the plan or training. According to Swanson et al. (2010), testing should be conducted in an operational environment to ensure the effectiveness of the recovery procedures. Also, personnel training should ensure that the personnel comprehend the IT contingency plan, reporting procedures, security requirements, processes, roles and responsibilities, and coordination and communication (Swanson et al., 2010). Finally, organizations may utilize tabletop and/or functional exercises to validate the IT contingency plan (Swanson et al., 2010).
Ensure plan maintenance. During the plan maintenance phase of the planning process the organization must ensure to regularly update the plan to meet business needs, hardware/software upgrades, and policy updates (Swanson et al., 2010). As a result, by ensuring the IT contingency plan is updated to meet shifting environments, the organization will have an effective document implemented for business continuity.
Possible Recovery
…show more content…
Tabletop exercises are not operationally based, but discussion based system testing. Furthermore, these exercises should be conducted in a classroom environment and are scenario based exercises that are discussed in a group setting. According to Grance et al. (2006), these scenarios test the knowledge of personnel regarding their roles and responsibilities in regards to the IT contingency plan and cost effective methods of validating all contingency plans. As a result, this form of exercise can be conducted on a regular basis because of its low cost and non-impact to ongoing operations.
Functional exercises. Functional exercises are a scenario based comprehensive testing, which is conducted in a simulated operational environment. Swanson et al. (2010) explains that this exercise provides the organization with an outlook of the validity of its IT contingency plan, backup and recovery, and the training of its personnel involved in implementing the plan. However, these exercises are not as cost effective as tabletop exercises because of the duration and complexity; so should be conducted annually to validate the complete IT contingency plan and make changes as needed.
Proposed Business Contingency Testing

Related Documents

  • Decent Essays

    Following the preliminary engagement activities, the audit team should go about setting an audit strategy and have an audit plan developed. The strategy will go over aspects of how the audit procedure and discuss the scope, timing, and direction of the audit itself. This well help determine resources that the audit team will need in order to carry out the audit including experience of auditors, and the industry specific skills that may be necessary. Amount of resources should also be taken into consideration, such as the number of partners, managers, seniors, and associates we may need. In terms of timing, there should be an understanding of when the engagement will take place, in addition to deadlines that are given.…

    • 818 Words
    • 4 Pages
    Decent Essays
  • Decent Essays

    III. Identification of opportunities and Issues: In this stage the ‘process models’ become important. The project team must design methodologies and detailed data flow diagrams in order to define the functional areas, functions and processes and inter-relations of the processes. The purpose of these models is to perform gap-analysis to identify operational improvement opportunities. The result of these activities will help to identify situations of improvement and will feed the creation and development of an IT Strategic…

    • 2441 Words
    • 10 Pages
    Decent Essays
  • Decent Essays

    & Thompson, A. (2011) it is important for organizations to have a strategic plan for their companies. In addition, they should be able to make changes within the organization if necessary. One way for a company to decide if it needs to make changes is by conducting a SWOT analysis. The SWOT analysis identifies the strengths’, weaknesses, opportunities, and threats that all organizations should identify.…

    • 1365 Words
    • 6 Pages
    Decent Essays
  • Decent Essays

    Further Vulnerabilities need to be identified. This is done by vulnerability scanners, penetration testing, and checklists. After vulnerabilities are identified, we should proceed and identify threats that can harm or affect critical operations and assets. The next step is to develop a Risk Profile which lets us analyze and rank risks according to their impact to the environment. Lastly, risk reduction plan needs to be developed.…

    • 980 Words
    • 4 Pages
    Decent Essays
  • Decent Essays

    A planned design is framed to meet the required desires through the formulation of objectives, stepladders, and contents of the training. HRIS is also able to develop a training program capable of completing the organizational objectives set about by the management. The system also enhances execution capabilities. It is the implementation of the training platform. Once implemented, the loopholes and downsides of the training procedure are acknowledged by the HRIS.…

    • 961 Words
    • 4 Pages
    Decent Essays
  • Decent Essays

    The quality management processes are designed to ensure the end product meets expectations. Human Resource Management In planning for the M&M® Rotational Flavor Project it was determined that additional human resources would be required to meet the needs of the project (Appendix D). The HR department was responsible to acquiring these individuals. They…

    • 891 Words
    • 4 Pages
    Decent Essays
  • Decent Essays

    He first presents the four phases of what he calls traditional strategic planning, where the organization first scans the internal and external environments to determine strength, weakness, opportunities and threats; also identifies past and present trends. Secondly, management defines long-term objectives and short-term goals based on the information gathered during environmental scanning. The third phase is to generate implementation, spell out in details the necessary steps to achieve the goals and objectives. In the final phase, management evaluates and control, keep tract of the obstacles that arise during the implementation process, and make adjustments where needed. Secondly, Roth (2015) presents another approach to planning: reactive, inactive, preactive, and interactive stressing the interactive planning.…

    • 832 Words
    • 4 Pages
    Decent Essays
  • Decent Essays

    Incident response (IR) is a set of procedures that commence when an incident is detected (Whitman, 2008)”. It’s important to remember that IR is a reactive measure. Disaster recovery planning (DRP) prepares an organization for recovery from a disaster, whether natural or man-made. The goal of a DRP is defining how to reestablish operations at the primary location. A disaster recovery plan consists of a tested set of procedures for reacting to and recovering from a disaster.…

    • 1395 Words
    • 6 Pages
    Decent Essays
  • Decent Essays

    In addition to managing ongoing IT operations and system development, the IT function must ensure that computing resources are operational and secured. To ensure that computing resources are secured, management should establish a process to account for all IT components. Processes should be in place to identify, track, and resolve problems in a timely manner. We recommend that FFC should implement a business continuity management program immediately that defines an effective policy and response plan, and assigns responsibilities to an established response team. FFC should regularly rehearse the plan, perform timely and appropriate maintenance, and review the testing and updating to confirm that the plan is operating effectively.…

    • 1213 Words
    • 5 Pages
    Decent Essays
  • Decent Essays

    Typically, a company will have to contract with a technical support specialists from the ERP software supplier to assist them with the implementation process. Additionally, the ERP implementation includes establishing security and permissions, so users have the access they need when utilizing the ERP software. Companies who are implementing the ERP system within their organization need to be sure user training is being provided as this could determine the success or failure of the ERP system. When a company looks to implement the ERP system, they need to determine if they want to cutover directly to the new system or phase into…

    • 720 Words
    • 3 Pages
    Decent Essays

Related Topics