Figure 4. Sample Alternate Site Criteria (Swanson et al., 2010)
Develop an information system contingency plan. The information system contingency plan comprises the methods that an organization should adhere to during a disruption of its information systems. This document should be specific to the organization and should reference the BIA performed for the organization. According to Lennon (2002), this plan should comprise the following five sections: the supporting information component, notification/activation phase, recovery phase, reconstitution …
During this phase of the planning process, the organization should test its plan to ensure that it is effective, instruct its personnel to ensure they recognize and understand their roles and responsibilities, and identify gaps in the plan or training. According to Swanson et al. (2010), testing should be conducted in an operational environment to ensure the effectiveness of the recovery procedures. Also, personnel training should ensure that the personnel comprehend the IT contingency plan, reporting procedures, security requirements, processes, roles and responsibilities, and coordination and communication (Swanson et al., 2010). Finally, organizations may utilize tabletop and/or functional exercises to validate the IT contingency plan (Swanson et al., 2010).
Ensure plan maintenance. During the plan maintenance phase of the planning process, the organization must regularly update the plan to meet business needs, hardware/software upgrades, and policy updates (Swanson et al., 2010). As a result, by ensuring the IT contingency plan is updated to meet shifting environments, the organization will have an effective document implemented for business continuity.
Possible Recovery …
Tabletop exercises are discussion-based rather than operationally based system testing. Furthermore, these exercises should be conducted in a classroom environment and are scenario-based exercises that are discussed in a group setting. According to Grance et al. (2006), these scenarios test the knowledge of personnel regarding their roles and responsibilities with regard to the IT contingency plan and are a cost-effective method of validating all contingency plans. As a result, this form of exercise can be conducted on a regular basis because of its low cost and lack of impact on ongoing operations.
Functional exercises. Functional exercises are comprehensive, scenario-based tests conducted in a simulated operational environment. Swanson et al. (2010) explain that this exercise provides the organization with an outlook of the validity of its IT contingency plan, backup and recovery, and the training of its personnel involved in implementing the plan. However, these exercises are not as cost-effective as tabletop exercises because of their duration and complexity, so they should be conducted annually to validate the complete IT contingency plan and make changes as needed.
Proposed Business Contingency Testing