Writing a business continuity plan according to ISO Presenter: Dejan Kosutic

Transcription

1 Writing a business continuity plan according to ISO Presenter: Dejan Kosutic

2 GoToWebinar Control Panel Open and close your Panel View, Select, and Test your audio Submit text questions they will be addressed throughout the session Raise your hand 2

3 Elements of the business continuity plan required by ISO If you re starting to develop the BCP make sure you didn t forget anything 3

4 BCP is used in case of a real emergency if you want it to be useful, make sure you prepare it properly! 4

5 Agenda BCP in the BCM process Business continuity plan elements ISO requirements for BCP ISO requirements for incident response Main elements of recovery plans Specifics for disaster recovery plans Roles in the BCP development Biggest challenges with BCP 5

6 BCP in the BCM process Business impact analysis BCM Policy Analysis BCM Strategy BC Plans Testing Excerci sing Risk assessm ent 6 6

7 Business continuity plan elements Business continuity plan Incident response plan Disaster recovery plan Recovery plans Incident 7

8 ISO requirements for BCP Plans must collectively contain: defined roles and responsibilities process for activating the response details to manage immediate consequences details on how and with whom to communicate, including media response how to continue or recover activities within the RTOs process for standing down 8

9 ISO requirements for BCP Additionally, each plan must define: purpose and scope objectives internal and external interdependencies and interactions resource requirements information flow and documentation processes 9

10 ISO requirements for Incident response define impact thresholds for plan initiation assess nature, extent and impact of an incident define how to activate appropriate response define processes for handling the response have available resources communication with interested parties 10

11 Main elements of recovery plans Recovery time objective Responsibilities / authorizations Key tasks Minimum acceptable capacity Resources Who must be notified Contact information all parties involved Recovery steps for critical activity to be developed by each recovery team 11

12 Specifics for disaster recovery plans Recovery plans for IT infrastructure Usually the shortest RTO The same plan template Much more detailed for each IT system appendices Each step in recovery is determined by RTO of other critical activities 12

13 Roles in the BCP development BCM Coordinator develops the plans templates BCM Coordinator writes/coordinates the main part of the plan BCM Coordinator writes/coordinates Incident response plan Department heads develop recovery plans and disaster recovery plans; BCM Coordinator coordinates them Final approval by top management 13

14 Biggest challenges with the business continuity plans Top management involvement and budget How big a BCP needs to be? What details/components to cover? How to ensure a BCP can cater to most of the worst case scenarios How can the BCP be automated, what are the possible tools? Get BCP to the staff for education, trainings and exercising 14

15 Conclusion Business continuity plans require careful preparation If you skip some of the steps, you ll produce plans that won t be usable when you need them 15

16 Q & A Dejan Kosutic

17 Thank you!