278 ◾ Official (ISC)²® Guide to the ISSMP® CBK®
© 2011 by Taylor & Francis Group, LLC
Steering Committee
The purpose of the steering committee is to provide a strategic, holistic view of
business continuity, disaster recovery, and continuity of operations across the
enterprise. The scope and mandate of the steering committee should be clearly defined
in the Terms of Reference. These should be developed in full consultation with
representatives from the business, the technical, and the security domains across all
elements of the organization.
Business Managers
Business managers are key to any business continuity, disaster recovery, and
continuity of operations. They understand the prioritization of the impact to the business of
the loss of any operational component at whichever layer of the security “onion” the
component may reside. Their role is to advise on the impact of a “systems” failure to
the business on fiscal, human, reputation, and operating activities. Accordingly, they
should determine strategic priorities where conflicts of priorities arise.
Stakeholders
Other stakeholders may include customer-facing managers, business development
managers, and third-party managers.
The Business Continuity and Disaster Recovery Project Steering Committee
In order for business continuity and disaster recovery to receive support within
your organization it should have champions and sponsors at the highest level. The
steering committee should comprise senior managers from the business and
technical areas of the business to ensure that all areas of the business are protected.
The Project Team Identification of Roles, Responsibilities, and Accountability
Disaster recovery planning involves more than off-site storage or backup
processing. Organizations should also develop written, comprehensive disaster recovery
plans that address all the critical operations and functions of the business. The plan
should include documented and tested procedures, which, if followed, will ensure
the ongoing availability of critical resources and continuity of operations.
Developing the Project Plan and Governance
Table 4.2 is an example of the stages and activities you might consider for inclusion.