3. Business Continuity Planning
It’s a logistics process for running mission-critical processes for survival and for restoring operations after a disaster.
It is enforced by the law of the land.
4. What is at RISK?
• Reputation Loss
• Financial Loss
• Regulatory concerns
• Data Loss
• Loss of Life
• Jobs
5. Where is it Applicable?
Supply Chain
• Vendor and you are caught in the same disaster
• Transportation strike and you have no inventory
Human Resources
• Quitting of critical resources
• Worker union strikes
Physical Premises
• Acts of God
• Targeted terrorist attacks
Information Technology
• Data leakage by intrusion/hacking
• Virus outbreak
Marketing
• Your only market is hit by a crisis
• Your product developed a snag and needs to be recalled
It’s applicable where a mission-critical service is disrupted.
6. BCP & Regulations
• Several laws/orders mandate BCP as part of organization strategy.
Significant Laws and Regulations by Industry Sector
Healthcare
• Health Insurance Portability and Accountability Act (HIPAA) of 1996
• Food and Drug Administration (FDA) Code of Federal Regulations (CFR), Title XXI, 1999
Government
• Federal Information Security Act (FISMA) of 2002, Title III of the E-Government Act of 2002 (PL 107-347, 17 December 2002)
• Executive Order on Critical Infrastructure Protection in the Information Age, 16 October 2001
• COOP and Continuity of Government (COG). Federal Preparedness Circular 69, 26 July 1999
• National Institute of Standards and Technology (NIST) Special Publication (SP) 800-34, Contingency Planning Guide for Information Technology Systems, June 2002
• NIST 800-53, Recommended Security Controls for Federal Information Systems, February 2005
Finance
• Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004 (Chapter 10)
• Basel II, Basel Committee on Banking Supervision, Sound Practices for Management and Supervision, 2003
• Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, 2003
• Expedited Funds Availability (EFA) Act, 1989
Utilities
• Governmental Accounting Standards Board (GASB) Statement No. 34, June 1999
• North American Electric Reliability Council (NERC) 1200 (1216.1), 2003
• Federal Energy Regulatory Commission (FERC) RM01-12-00 (Appendix G), 2003
• RUS 7 CFR Part 1730, 2005
• Telecommunications Act of 1996, Section 256, Coordination for Interconnectivity
• NERC Security Guidelines for the Electricity Sector, June 2001
Source: Gartner http://www.gartner.com/DisplayDocument?doc_cd=128123
9. BCP Initiation and Recovery Steps
[Figure: two diagrams, "BCP Cycle" and "Business Recovery Steps"]