SE150684
IAA202
Lab due date: 11/3/2022
Lab #8: Develop an Outline for a Business Continuity Plan for an IT Infrastructure
Part A – Develop an Outline for a Business Continuity Plan for an IT Infrastructure
a. Healthcare provider under HIPAA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law
• Initiation of the BCP – Introduction, Definitions, BCP Organizational Structure, BCP Declaration, BCP Communications and Information Sharing, etc.
A reliable business continuity plan is crucial for every business, but nowhere more so than in the healthcare sector. Healthcare providers handle some of the most sensitive personal data and records there are, so it is vital to know how to keep that data both safe and accessible in times of disaster.
• Business Impact Analysis – risk assessment and analysis prioritizing business functions and operations aligned to IT systems, applications, and resources.
If there is one industry in particular that is vulnerable to serious harm from outages and lost data, it is healthcare. Healthcare providers are particularly exposed to cyber-attacks and data breaches: in 2019 alone, over 38 million US healthcare records were exposed, and over 93 percent of healthcare providers have suffered a data breach in the last five years. What is more, healthcare breaches are among the most expensive, costing providers at least $150 per record lost.
• Business Continuity / Disaster Readiness / Recovery – RTO, RPO, business continuity benchmarks, disaster recovery planning (DRP as a sub-set of the BCP), recovery steps and procedures for mission-critical IT systems, applications, and data.
The recovery portion of the plan for the healthcare provider should include:
A communication plan
A detailed asset inventory
A data restoration priority plan
A vendor communication and service restoration plan
• Develop & Implement the Plan – the plan is a living document that requires annual updates and change control revisions. Implementation and the instructions for how to engage the BCP are part of this section.
Appoint a Privacy Officer who is responsible for overseeing the development, implementation, and maintenance of, and adherence to, privacy policies and procedures for the safe use and handling of PHI. Appoint a Security Officer who is in charge of the ongoing management of information security policies, procedures, and technical systems.