CONTENTS

Chapter 1: Introduction

What is business continuity management?

Benefits of effective BCM programs

Emerging risk and threat topologies

BCM and risk management

BCM and compliance

BCM and insurance

Chapter 2: Setting up the BCM Program

Gathering key success factors

Establishing the governance model

Establishing the BCM organizational unit

Organizations with a regional or international presence

Chapter 3: Running the BCM Life Cycle

Running the BCM life cycle for the first time

Business impact analysis

Risk and threat assessment

Strategies and risk treatment plans

Planning and implementation

Awareness and training

Testing

Rerunning the cycle

Chapter 4: BCM Standards

ISO22301 societal security – preparedness and continuity management systems – requirements

ASIS SPC.1-2009 organizational resilience: security, preparedness, and continuity management systems requirements with guidance for use

Chapter 5: Technology Continuity

IT disaster recovery and readiness for business continuity (ITDR and IRBC)

Technology continuity sites

Technology continuity outside IT

Chapter 6: Technology Continuity Standards

ISO/IEC 27031 information technology – security techniques – guidelines for information and communication technology readiness for business continuity (IRBC)

ISO/IEC 24762:2008 information technology – security techniques – guidelines for information and communications technology disaster recovery sites

Chapter 7: Facilities Management and Physical Security

Facilities management

Physical security preparations

Environmental setups and preparations

Chapter 8: Evacuation Plans

Features of an effective evacuation plan

Evacuation plan development

Communicating the plans

Training and testing

Chapter 9: People and BCM

The importance of people

Succession planning

Chapter 10: BCM Software

The need for BCM software

Role of BCM software within the BCM life cycle

Features of effective BCM software

Deploying BCM software

Appendix 1: BCM Policy

Objective

Policy statement

Policy ownership and maintenance

Disaster definition

Policy guidelines

Appendix 2: BIA Questionnaire

Purpose

Questionnaire contacts

Terminology

Understanding your processes – general process information

Understanding your processes – internal and external dependencies

Understanding your processes – impacts and criticality

Identifying RTO, season, and RPO

Understanding your processes – IT and resource requirements

Succession planning – identification of human resources

Assets required during disaster – identification of recovery resources

Appendix 3: BIA Report

Executive summary

Abbreviations and acronyms

Introduction

Scope

Approach

Assumptions

Consolidated results

Observations

Recommendations

Appendix 4: Risk Assessment Questionnaire

Appendix 5: Risk Assessment Report

Introduction

Objectives

Approach

Summary of results

Detailed risk information

Risk treatment plan

Appendix 6: BCM Strategy Report

Executive summary

Introduction

Key inputs for developing the business continuity strategy

Objectives of the business continuity strategy

Methodology

Overview of the preferred/recommended business continuity strategy for the organization

Business continuity strategy – crisis management

Business continuity strategy – processes

Business continuity strategy – technology

Business continuity strategy – data and information

Business continuity strategy – supplies

Business continuity strategy – people

Business continuity strategy – facilities and premises

Business continuity strategy – business continuity management

Implementation and ownership

Appendix 7: BCM Plan

Scope

Objective

Team leader contact details and responsibilities

Team member details

Activities to be performed immediately after a disaster

Activities to be performed during disaster recovery

Relevant locations

Processes to be performed if IT systems are available

Processes to be performed if IT systems are not available

Resource requirements

List of documents/manuals to be stored off site

Contact list

Vendor list

Sample press release

Handling a media interview

Appendix 8: ITDR Plan

Scope

Objective

Team structure

Activities to be performed immediately after a disaster

Activities to be performed during disaster recovery

Relevant locations

Disaster declaration matrix

Recovery procedures

List of documents/manuals to be stored off site

Contact list

Vendor list

Appendix 9: Evacuation Plan.

Description of building

Map containing building and assembly point(s)

Floor layouts

Handling fire emergencies

Roles and responsibilities

Important emergency numbers

Employees’ emergency contact information

Appendix 10: Test Plans and Forms

Scope

Objectives

Test frequency

Test types

The test process and mechanism

Tests calendar

Detailed test plan

Test preparation form

Test assessment form

ITG Resources

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.133.136.73