Professional Documents
Culture Documents
Managing the companies risk is gaining more and more importance. Companies are getting
more aware of the fact that risks should be foreseen and addressed before they could prove
havoc for the organization in any regard.
Audit Trails
Establishing clear audit trails is an absolute must as much as managing physical
environmental risks. They help in identifying the start and execution of transaction from the
cradle to the grave. Audit logs to be kept should also record the errors occurring and possible
actions should be taken to mitigate risks. Maintaining audit logs also helps in drilling down
for investigation purposes. Exception report can also be prepared from these audit logs.
The Senior management and the board of Directors are responsible for identifying, assessing,
prioritizing, managing and controlling risks. They should ensure that necessary resources are
devoted to creating, maintaining and testing the BCP. The effectiveness of the BCP depends
on management commitments and ability to clearly identify what makes business processes
work. BCP is not limited to the restoration of the IS technology and services or data
maintained in electronic form. Without a BCP that considers every single business unit
including personnel workspace and similar issues.
An organization may not resume serving its customers at acceptable level. Business
Continuity Planning is a process designed to reduce the organization’s business risk arising
from operational dysfunction. These operations are critical and necessary for the survival of
the organization. The operations which are critical may be either manual or automated.
The planning of operations also include human/material resources supporting these critical
function/operations and assurance of the continuity of the minimum level of services
necessary for critical operations. BCP methodology is scalable for an organization of any size
and complexity. The plan can be made for an organization with operations of any type. Any
type of organization may create a BCP manual, and arguably every organization should have
one in order to ensure the organization's longevity. A business continuity plan is much more
than just a plan or the information system. A business continuity plan identifies what the
business will do in event of disaster.
Media Back up
Taking back up on regular basis of business transactions and other data from the IS is very
critical to an effective BCP.
1. Cold sites: If an organization can tolerate some downtime, cold sites backup might be
appropriate. A cold site has all the facilities needed to install a information system
raised floors, air conditioning, power, communication lines and so on. The cold site is
ready to receive equipment, but does not offer any components at the site in advance
of the need. Activation of site is may take several weeks depending on the size of
information processing facility.
2. Hot sites: If fast recovery is critical, an organization might need hot-site backup. All
hardware and operations facilities will be available at the hot site. In some cases,
software, data, and supplies might also be stored there. Hot sites are expensive to
maintain. They usually are shared with other organizations that have same hot site
needs.
3. Warm sites: They are partially configured, usually with network connections and
selected peripheral equipment, such as disk drives, tape drives and controllers, but
without the main computer. Sometimes a warm site is equipped with a less powerful
CPU, than the one generally used. The assumption behind the warm site concept is
that the computer can usually be obtained quickly for emergency installation and
since, the computer is the most expensive unit, such a arrangement is less costly than
a hot site. After the installation of the needed components the site can be ready for
service within hours; however, the location and installation of the CPU and other
missing units could take several days or weeks.
5. Third Party arrangements: Apart from having a give -and-take relationship with
other organizations, an agreement may also be signed with third party vendors so as to
@ St. Paul’s University
4
outsource the disaster recovery process. The responsibility of the site development
lies completely with the third party. The shift in responsibility can help organization
to stop worrying of the recovery site all the time.
16.11 Monitoring
Once the plan has been tested and implemented, it needs to be monitored and updated on
regular basis for following reasons.
• Changes in business strategy may alter the significance of critical application or deem
additional applications as critical.
• Changes in the software or hardware environment may make current provisions
obsolete or inappropriate
• Incidents emerging and affecting the organizations business continuity issues.
• Reassessing the risks, their impact and likelihood of occurrence
• Identifying any newly emerged risks and including them in the BCP
@ St. Paul’s University
5
• Training of the new recruits as and when they are employed.