No.1 for CA/CWA & MEC/CEC MASTER MINDS
Ph: 98851 25025/26 www.mastermindsindia.com
CA Final_17e_ISCA_Business Continuity & Disaster Recovery Planning
Copyrights Reserved To MASTER MINDS, Guntur

4. BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING

Q.No.1. What is meant by Business Continuity Management (BCM)? Explain need of BCM? (A) (N13-4M)

1. Business Continuity Management (BCM) is a very effective management process to help enterprises to manage the disruption of all kinds, providing countermeasures to safeguard from the incident of disruption.
2. With the BCM process, enterprises are able to assess the potential threats and manage the consequences of the disruption, which could reduce or eliminate the losses.
3. In order to ensure effective implementation of BCM, the enterprise should conduct regular internal audits at planned intervals to conform to the compliance of Business Continuity Process in line
4. Need of Business Continuity Management (BCM):
   - To meet the enterprise business objectives
   - Ensure continuity of services and operations
5. Business continuity means maintaining the uninterrupted availability of all key business resources required to support essential business activities.
6. Some key terms related to BCM:
   a) Business Contingency: A business contingency is an event with the potential to disrupt computer operations, thereby disrupting mission and business functions. Such an event could be a power outage, hardware failure, fire, or storm. If the event is very destructive, it is often called a disaster.
   b) BCP Process: BCP is a process designed to reduce the risk to an enterprise from an unexpected disruption of its critical functions, both manual and automated ones, and assure continuity of minimum level of services necessary for critical operations. The purpose of BCP is to ensure that vital business functions are recovered and operationalized within an acceptable timeframe.
   c) Business Continuity Planning (BCP): It refers to the ability of enterprises to recover from a disaster and continue operations with least impact.

Q.No.2. Write short notes on BCP manual and explain the scope of Business Continuity? (S15 MTP)

1. BCP Manual:
   a) Successful organizations have a comprehensive BCP Manual, which ensures process readiness, data and system availability to ensure business continuity.
   b) A BCP manual is a documented description of actions to be taken, resources to be used and procedures to be followed before, during and after an event that severely disrupts all or part of the business operations.
   c) The BCP is expected to provide:
      i) Reasonable assurance to senior management of enterprise about the capability to recover from any unexpected disaster affecting business operations and continue to provide services with minimal impact.
      ii) Anticipate various types of incident or disaster scenarios and outline the action plan for recovering from the incident or disaster with minimum impact and ensuring continuous availability of all key services to client.
   d) The BCP Manual is expected to specify the responsibilities of the BCM team, whose mission is to establish appropriate BCP procedures to ensure the continuity of enterprise's critical business functions.
   e) In the event of an incident or disaster affecting any of the functional areas, the BCM Team serves as liaisoning teams between the functional area affected and other departments providing support services.
2. Scope of Business Continuity:
   a) Top management of the enterprise needs to define the scope of the BCM program by identifying the key products and services that support the enterprise's objectives, obligations and statutory duties in line with the threat scenario and the business impact analysis.
   b) In case of an outsourced service, the risk accountability remains with the enterprise and necessary controls and processes should be in place to manage the risk.

Q.No.3. What are the advantages of Business Continuity? (B) (N15 RTP)

The advantages of BCM are that the enterprise:
a) Is able to proactively assess the threat scenario and potential risks;
b) Has planned response to disruptions which can contain the damage and minimize the impact on the enterprise; and
c) Is able to demonstrate a response through a process of regular testing and trainings.

Q.No.4. Explain the BCM policy? Explain its objectives? (PM, N14 - 4M)

2. This policy document is a high level document, which is a guide to make a systematic approach for disaster recovery.
3. It also provides awareness among the persons in scope about the business continuity aspects and its importance and to test and review the business continuity planning.
4. While developing the BCM policy, the enterprise should consider defining the scope, BCM principles, guidelines and minimum standards for the enterprise.
5. The BCM policy defines the processes of setting up activities for establishing a business continuity capability and the ongoing management and maintenance of the business continuity capability.
6. BCM policy objectives: (PM) The objective of Business Continuity Management Policy is to provide a structure through which:
   a) The loss to enterprise's business in terms of revenue loss, loss of reputation, loss of productivity and customer satisfaction is minimized.
   b) Critical services and activities undertaken by the enterprise operation for the customer will be identified.
   c) Plans will be developed to ensure continuity of key service delivery following a business disruption, which may arise from the loss of facilities, personnel, IT and/or communication or failure within the supply and support chains.
   d) Invocation of incident management and business continuity plans can be managed.
   e) Incident Management Plans & Business Continuity Plans are subject to ongoing testing, revision and updating as required.
   f) Planning and management responsibility are assigned to a member of the relevant senior management team.
(Explain the objectives of Business Continuity Management Policy briefly?)

Q.No.5. What is meant by Business Continuity Plan (BCP)? (A) (N-10, RTP M16)

1. Business Continuity Planning (BCP) refers to plans focused on maintaining the operations of an organization, especially the IT infrastructure, in face of a threat that has materialized.
2. Business Continuity Planning (BCP) is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption.
3. The logistical plan is called a business continuity plan.
4. Planning is an activity to be performed before the disaster occurs.
5. The resulting outage from such a disaster can have serious effects on the viability of a firm's operations, profitability, quality of service, and convenience.

Q.No.6. What are the areas covered by Business Continuity? (A) (PM, N-10, RTP M16)

Business continuity covers the following areas:
1. Business resumption planning: The operation's piece of business continuity planning.
2. Disaster recovery planning: The technological aspect of business continuity planning, the advance planning and preparation necessary to minimize losses and ensure continuity of critical business functions of the organization in the event of disaster.
3. Crisis management: The overall coordination of an organization's response to a crisis in an effective timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation or ability to operate.

Q.No.7. Write short notes on Business Continuity life cycle? (B)

1. The business continuity life cycle is broken down into four broad and sequential sections:
   a) Risk assessment,
   b) Determination of recovery alternatives,
   c) Recovery plan implementation, and
   d) Recovery plan validation.
2. Within each of these lifecycle sections, the applicable resource sets are manipulated to provide the organization with the best mix of critical resource quantities at optimum costs with minimum tangible and intangible losses.
3. These resource sets can be broken down into the following components:
   a) Information
   b) Technology
   c) Telecommunication
   d) Process
   e) People
   f) Facilities.

Q.No.8. Explain objectives and goals of Business Continuity Planning? (A) (PM, N-08, RTP N14, M15, M16, N16, M17, MTP F16, S16, M17)

1. The primary objective of a business continuity plan is to minimize loss by minimizing the cost associated with disruptions and enable an organization to survive a disaster and to reestablish normal business operations.
2. In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame.
3. The key objectives of the contingency plan should be to:
   a) Provide for the safety and well-being of people on the premises at the time of disaster;
   b) Continue critical business operations;
   c) Minimize the duration of a serious disruption to operations and resources;
   d) Minimize immediate damage and losses;
   e) Establish management succession and emergency powers;
   f) Facilitate effective co-ordination of recovery tasks;
   g) Reduce the complexity of the recovery effort;
   h) Identify critical lines of business and supporting functions.
4. The goals of the business continuity plan should be to:
   a) Identify weaknesses and implement a disaster prevention program;
   b) Minimize the duration of a serious disruption to business operations;
   c) Facilitate effective co-ordination of recovery tasks;
   d) Reduce the complexity of the recovery effort.

Q.No.9. Write short notes on methodology of developing a Business Continuity Planning? (or) Mention all the phases that are prescribed under the methodology of developing a BCP? (A) (PM, M14-4M, N-08, N14 RTP)

The methodology emphasizes on:
a) Providing management with a comprehensive understanding of the total efforts required to develop and maintain an effective recovery plan;
b) Obtaining commitment from appropriate management to support and participate in the effort;
c) Defining recovery requirements from the perspective of business functions;
d) Documenting the impact of an extended loss to operations and key business functions;
e) Focusing appropriately on disaster prevention and impact minimization, as well as orderly recovery;
f) Selecting business continuity teams that ensure the proper balance required for plan development;
g) Developing a business continuity plan that is understandable, easy to use and maintain;
h) Defining how business continuity considerations must be integrated into ongoing business planning and system development processes.

Q.No.10. List the phases in developing a Business Continuity Planning? (A) Discuss the development of a BCP? (PM, RTP M15, M16, MTP A16)

1. Pre-Planning Activities (Business continuity plan Initiation)
2. Vulnerability Assessment and General Definition of Requirements
3. Business Impact Analysis
4. Detailed Definition of Requirements
5. Plan Development
6. Testing Program
7. Maintenance Program
8. Initial Plan Testing and Plan Implementation

Q.No.11. Write short notes on Phase 1 (or) Pre-Planning activity or Project initiation phase? (B)

1. In phase 1, we obtain an understanding of the existing and projected systems environment of the organization.
2. This enables us to:
   a) Refine the scope of business continuity planning and associated work program
   b) Develop project schedules
   c) Identify and address issues that could have an impact on the delivery and the success of the plan.
3. During this phase a Steering Committee should be established that should undertake an overall responsibility for providing direction and guidance to the business continuity planning team.
4. The committee should also make all decisions related to the recovery planning effort.
5. The Business Continuity Manager should work with the Steering Committee in finalizing the detailed work plan and developing interview schedules for conducting the Security Assessment and the Business Impact Analysis.
6. Two key deliverables of this phase are:
   a) The development of a policy to support the recovery programs
   b) Awareness program to educate management and senior individuals who will be required to participate in the business continuity program.

Q.No.12. Write short notes on Phase 2 (or) Vulnerability assessment and general definition of requirements? (B) (OR) (PM, N14 RTP) While developing a Business Continuity Plan, the key tasks that should be covered in the second phase 'Vulnerability assessment and general definition of requirement'

1. This phase focuses on identifying the vulnerability of the assets to any disaster and to reduce the probability of occurrence.
2. Security and control within an organization is a continuing concern.
3. It is to concentrate on activities that have the effect of reducing the possibility of disaster occurrence, rather than concentrating primarily on minimizing the impact of an actual disaster.
4. This phase includes the following tasks:
   a) A thorough Security Assessment of the system and communications environment including:
      i) Personnel practices
      ii) Physical security
      iii) Operating procedures
      iv) Backup and contingency planning
      v) Systems development and maintenance
      vi) Database security
      vii) Data and voice communications security
      viii) Systems and access control software security
      ix) Insurance
      x) Security planning and administration
      xi) Application controls
      xii) Personal computers.
   b) Present findings and recommendations resulting from the activities of the Security Assessment to the Steering Committee so that corrective actions can be initiated in a timely manner.
   c) Define the scope of the planning effort.
   d) Analyze, recommend and purchase recovery planning and maintenance software required to support the development and maintenance of the plans.
   e) Develop a Plan Framework.
   f) Assemble business continuity team and conduct awareness sessions.

Q.No.13. What is meant by Business Impact Assessment (BIA) (or) Explain the 3rd Phase of BCP? (A)

1. A Business Impact Assessment (BIA) of all business units that are part of the business environment enables the project team to:
   a) Identify critical systems, processes and functions;
   b) Assess the economic impact of incidents and disasters that result in a denial of access to systems services and other services and facilities;
   c) Assess the "pain threshold," the length of time business units can survive without access to systems, services and facilities.
2. The BIA Report should be presented to the Steering Committee. This report identifies critical service functions and the timeframes in which they must be recovered after interruption.
3. The BIA Report should then be used as a basis for identifying systems and resources required to support the critical services provided by information processing and other services and facilities.

Q.No.14. What do you mean by Detailed Definition of requirements in BCP process (or) Phase 4 of BCP? (B)

1. During this phase, a profile of recovery requirements is developed.
2. This profile is to be used as a basis for analyzing alternative recovery strategies.
3. The profile is developed by identifying resources required to support critical functions identified in the Business Impact Analysis.
4. This profile should include:
   a) Hardware (mainframe, data and voice communication and personal computers)
   b) Software (vendor supplied, in-house developed, etc.)
   c) Documentation (DP, user, procedures)
   d) Outside support (public networks, DP services, etc.)
   e) Facilities (office space, office equipments, etc.)
   f) Personnel for each business unit.
5. Recovery Strategies will be based on short term, intermediate term and long term outages.
6. Another key deliverable of this phase is the definition of the plan scope, objectives and assumptions.

Q.No.15. Write short notes on Plan Development Phase of BCP (or 5th Phase of BCP)? (B)

1. In this phase, recovery plan components are defined and plans are documented.
2. This phase also includes the implementation of changes to user procedures, upgrading of existing data processing operating, vendor contract negotiations and the definition of recovery teams, their roles and responsibilities.
3. Recovery standards are developed and for the recovery of the core business processes. In the event of a disaster, it is survival and not business as usual.

Q.No.16. Write short notes on the Testing program Phase of BCP or 6th Phase of BCP? (C)

1. The plan Testing/Exercising Program is developed during this phase.
2. Testing/Exercising goals are established and alternative testing strategies are evaluated.
3. Testing strategies tailored to the environment should be selected and an on-going testing program should be established.
4. Unless the plan is tested on a regular basis, there is no assurance that in the event the plan is activated, the organization will survive a disaster.

Q.No.17. List the tasks undertaken in Maintenance Program Phase of BCP (7th step of BCP)? (C) (N16-4M, N14 RTP)

a) Maintenance of the plans is critical to the success of actual recovery.
b) The plans must reflect changes to the environment.
c) It is critical that existing change management processes are revised to take recovery plan maintenance into account.
d) In areas where change management does not exist, change management procedures will be recommended and implemented.
e) Many recovery software products take this requirement into account.

Q.No.18. Write short notes on Testing and Implementation phases of BCP or 8th phase of BCP? (C) (N14 RTP)

a) Once plans are developed, initial tests of the plans are conducted and any necessary modifications to the plans are made based on an analysis of the test results.
b) Specific activities of this phase include the following:
   i) Defining the test purpose/approach;
   ii) Identifying test teams;
   iii) Structuring the test;
   iv) Conducting the test;
   v) Analyzing test results; and
   vi) Modifying the plans as appropriate.
c) The approach taken to test the plans depends largely on the recovery strategies selected to meet the recovery requirements of the organization.
d) As the recovery strategies are defined, specific testing procedures should be developed to ensure that the written plans are comprehensive and accurate.

Q.No.19. Explain the components of BCM process? (OR) Explain the Six stages or components of BCM Process. (B) (M17 - 6M, M16 - 5M)

[Figure: Components of BCM Process, shown as stages. Information Collection: Business Impact Analysis, Risk Assessment. BCM Strategy: Organization BCM Strategy, Process Level BCM Strategy, Resource Recovery BCM Strategy. Implement Management Plan, Business Continuity Plans. Testing and Maintenance: Testing of BCM Plans, BCM Maintenance, BCM Audit and Review arrangements. BCM Trainings: Assessing Needs, Designing & Delivering Trainings, Measuring Results.]

Components of BCM Process are:
a) BCM - Management Process: The management process enables the business continuity, capacity and capability to be established.
b) BCM - Information Collection Process: The activities of assessment process do the prioritization of an enterprise's products and services and the urgency of the activities that are required to deliver them. This sets the requirements that will determine the selection of appropriate BCM strategies in the next process.
c) BCM - Strategy Process: Finalization of business continuity strategy requires assessment of a range of strategies. This requires an appropriate response to be selected at an acceptable level and during and after a disruption within an acceptable timeframe for each product or service.
d) BCM - Development and Implementation Process: Development of a management framework and a structure of incident management, business continuity and business recovery and restoration plans.
e) BCM - Testing and Maintenance Process: BCM testing, maintenance and audit testify the enterprise BCM to prove the extent to which its strategies and plans are complete, current and accurate; and identifies opportunities for improvement.
f) BCM - Training Process: Extensive trainings in BCM framework, incident management, business continuity and business recovery and restoration plans enable it to become part of the enterprise's core values and provide confidence in all stakeholders in the ability of the enterprise to cope with minimum disruptions and loss of service.

Q.No.20. Explain the BCM management process? (C)

1. A BCM process should be in place to address the policy and objectives as defined in the business continuity policy by providing organization structure with responsibilities and authority, implementation and maintenance of business continuity management.
2. The BCM Processes are mapped as follows:
   a) Organization Structure:
      i) The organization should nominate a person or a team with appropriate seniority and authority to be accountable for BCM policy implementation and maintenance.
      ii) It should clearly define the person's responsibilities.
   b) Implementing Business Continuity in the Enterprise and Maintenance:
      i) In establishing and implementing the BCM system in the organization, managers from each function on site represent their areas of the operation.
      ii) These people are also responsible for the ongoing operation and maintenance of the system within their area of responsibility.
      iii) Where training is required to enable a colleague to effectively carry out their BCM responsibilities, this will be identified as part of the ongoing staff appraisal and training process.

Q.No.21. What are the major activities in BCM implementation? (B) (17-4)

a) Defining the scope & context
b) Defining roles and responsibilities
c) Engaging and involving all stakeholders
d) Testing of program on regular basis
e) Maintaining the currency & appropriateness of business continuity program
f) Reviewing, reworking and updating the business continuity capability, risk assessments (RA) and business impact analysis (BIAs)
g) Managing costs and benefits associated
h) Convert policies and strategies into action.

Q.No.22. What are the major documents that should be the part of a Business Continuity Management System? Explain in brief? (A) (PM, M17-6M, M16 RTP)

1. All documents that form the BCM are subject to the document control and record control processes.
2. The following documents are classified as being part of the business continuity management system:
   a) The business continuity policy
   b) The business continuity management system
   c) The business impact analysis report
   d) The risk assessment report
   e) The aims and objectives of each function
   f) The activities undertaken by each function
   g) The business continuity strategies
   h) The overall and specific incident management plans
   i) The business continuity plans
   j) Change control, preventative action, corrective action, document control and record control processes
   k) Local Authority Risk Register
   l) Exercise schedule and results
   m) Incident log
   n) Training program.

Q.No.23. Write about the BCM information collection process? (C)

To design an effective BCM, it is important to understand the enterprise from all perspectives of interdependencies of its activities, external enterprises and including:
a) Enterprise's objectives, stakeholder obligations, statutory duties and the environment in which the enterprise operates
b) Activities, assets and resources, including those outside the enterprise, that support the delivery of these products and services
c) Impact and consequences over time of the failure of these activities, assets and resources
d) Perceived threats that could disrupt the enterprise's key products and services and the critical activities, assets and resources that support them.

Q.No.24. What analysis should be done for understanding the degree of potential loss (such as reputation damage, regulation effects) of an organization? Enumerate the tasks to be undertaken in this analysis. In what ways the information can be obtained for this analysis?
What is the significance of a Business Impact Analysis (BIA)? Enumerate the tasks to be undertaken in this Analysis. In what ways the information can be obtained for this analysis? (A) (M13-6M, N11-8M, RTP M16) (N09-10M)

1. Business Impact Analysis (BIA)
