Page 83 - Cyber Warnings
P. 83
4. Prepare the continuity plans by taking active inputs from the clients and executive
management
From a practical viewpoint, every BCP is unique and addresses the following aspects
1. Define the scope and the recovery needs for each critical area
2. Take the formal approval of the sponsor/client(s) and executive management
3. Determine the acceptable downtime for each area of your business
4. Create a plan to communicate with the key personnel (both internal and external)
5. Engage the subject matter experts from each in-scope area to define how those
functions can be brought online within the committed timelines
6. Ensure everyone understands the goals of the BCP (i.e. which services and operations
shall remain available and what degraded level of service(s) shall be provided even
during an outage)
7. Designate an experienced project manager to lead the core BC team which includes
experienced personnel from technical, accounting, legal, customer service, PR,
marketing and facilities departments, key Bus and large client(s)
8. Conduct the end user testing especially on the technical processes
9. Identify the key personnel to be involved during the initial recovery period, use test cases
to groom them regarding the specific BCP processes to be followed
10. Use and train the staff whom you intend to be the first line responders during a recovery
event
When the above practical aspects are addressed, the recovery happens in a phased manner
Why a BCP is required
Following are some of the reasons which drive the creation of an enterprise wide Business
Continuity Plan (BCP):
1. Keep the business running
2. Protect shareholder value
3. Lower the impact of business disruption(s)
4. Reduce liability
5. Conform to regulatory requirements
When creating the BCP, always plan for a worst-case scenario assuming the unavailability
of the physical facilities, the communication facilities and the recovery team itself. Then
ensure to have multiple layers of back-up facilities, cross-train the key personnel, have the
latest contact lists of your vendors/sub-contractors as well as data service providers.
Equipped with the above insights, prepare your organization with a fully functional and
regularly tested virtual Command and Control Center to monitor and manage the continuity
processes – both during drill tests and when facing an actual outage situation.
83 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
