Skip to content

Page331

Project Initiation

In order to develop the BCP/DRP, the scope of the project must be determined and agreed upon. This involves seven distinct milestones [12] as listed below:

  1. Develop the contingency planning policy statement: A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
  2. Conduct the business impact analysis (BIA): The BIA helps to identify and prioritize critical IT systems and components. A template for developing the BIA is also provided to assist the user.
  3. Identify preventive controls: Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency lifecycle costs.
  4. Develop recovery strategies: Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
  5. Develop an IT contingency plan: The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
  6. Plan testing, training, and exercises: Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
  7. Plan maintenance: The plan should be a living document that is updated regularly to remain current with system enhancements [12].

Implementing software and application recovery can be the most difficult for organizations facing a disaster event. Hardware is relatively easy to obtain, but as Fig. 8.19 shows, it is not the only concern for C-level managers. In fact, IT is called upon to provide support to those parts of the organization directly fulfilling the business mission. IT has particular responsibilities when faced with a disruption in business operations because the organization’s communications depend so heavily on the IT infrastructure. As you review Fig. 8.19,

also note that the IT BCP/DRP will have a direct impact on the entire organization’s response during an emergency event. The top line of Fig. 8.19 shows the organization-wide BCP/DRP process; below that is the IT BCP/DRP process. You can see through the arrows how each is connected to the other.

Fig. 8.19 The BCP/DRP process. Fig. 8.19 The BCP/DRP process.