Business Continuity Management Support Services
|
|
pf | Pulliam is committed to delivering diversified, best value information security consulting services that enable our clients to operate at their highest performance and efficiency levels. Our Business Continuity Management Support Services assists our clients in developing a cost-effective recovery strategy for information resources. Our staff develops process guidelines and deliverables based on industry standards such as: DRI International, FEMA 141, Emergency Management Guide for Business and Industry, NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, etc. A cost of an outage due to a disaster can range from thousands of dollars to over a million dollars an hour depending on the revenue loss and type of disaster. In addition, regulatory requirements such as Sarbanes-Oxley (SOX) and Federal Financial Institutions Examination Council (FFIEC) require a recovery strategy. Finally, it is imperative that all organizations protect their staff and their ability to continue to operate during a disaster. We offer assistance in the following areas:
- Business Impact Analysis (BIA): The first step in a sensible business recovery process is to understand the potential impact of a disaster to your organization. It is extremely difficult for an organization to properly plan for a disaster if the organization has little or no idea of the likely impacts to the business during different disaster scenarios. A Business Impact Analysis (BIA) is intended to assist an organization in understanding the degree of a potential loss if a disaster were to occur and prioritize business functions based on impact to the organization. The BIA will take into consideration financial loss, regulatory compliance issues, and potential damage to the business reputation, etc.
After completing the BIA process an organization will understanding how each business areas works, which processes are interdependent on each other and which processes must be continuously available to support business and customers. This comprehensive evaluation of the organization environment will define critical business processes and resources needed to support them. It examines both financial and intangible losses that can result if these systems, assets, and/or data were not available due to an outage. This analysis defines specific interdependencies among business functions and key interdependencies among IT resources. It will produce an enterprise-wide, business-focused view of the organization recovery requirements for any extended outages.
The COOP/BCP is developed using outputs from the BIA. The BIA provides a Recovery Time Objective (RTO) as well as provides threat and vulnerability identification. The RTO guides recovery planners in prioritizing restoration efforts and developing recovery solutions and scenario-based recovery test plans. Mitigation for the threats identified by the threat analysis, contained in this document, need to be incorporated into the COOP/BCP. The COOP/BCP is based on the following assumptions: (1) Emergencies or threats may adversely affect the ability to continue to support organization operations; (2) Personnel and other resources will be made available to continue operations; and, (3) Emergencies or threats differ in order of priority or impact.
Critical information resources must be restored at the alternate recovery site based on a hierarchy of their importance to the business. The RTO identified by the BIA will be used create the hierarchy for information resource restoration.
-
Contingency Plan: Contingency planning is a critical component for continued operations and availability of business information resources. Planning in advance on how to continue and restore operations during a crisis is a necessity for all business systems. Contingency planning addresses how to keep an organization's critical functions operating in the event of disruptions no matter their size. This broad perspective on contingency planning is based upon distribution of computer support throughout an organization. Contingency Plans should be developed for all critical systems and typically these systems are identified during the BIA process. The Contingency Plan describes the actions to be taken in preparing for a disaster situation, in declaring a disaster situation to exist, and in responding to a disaster situation. The Contingency Plan also describes the roles and responsibilities of all individuals and organizations with an interest in these actions.
The primary objective of a Contingency Plan is to document the necessary coordination that will facilitate recovery of an organizations general support systems and applications immediately after a crisis has taken place. Specific goals of the plan relative to a crisis include detailed options for continuity of operations to minimize confusion, errors, and expense to the organization; provide quick and complete recovery of services; reduce risks for loss of services; provide ongoing protection of government assets; and ensure accuracy and validation of the Contingency Plan.
-
Testing COOP/BCP and Contingency Plans: All organizations must, on an annual basis, exercise their COOP/BCP and Contingency Plans. The exercise should be designed to execute the COOP/BCP and/or Contingency Plan and evaluate how well the individuals and/or organization performs during the recovery exercise. Exercises can be planned or unannounced. A successful exercise will identify any gaps in the COOP/BCP and/or Contingency Plan and will be identify changes to the plans. The types of exercises that pf | Pulliam can assist customers in completing include: (1) Table Top and/or Desktop Exercise; (2) Simulation Exercise; (3) Operational Exercise; (4) Mock Disaster; and, (5) Full Rehearsal. As part of the exercise, pf | Pulliam staff will develop an exercise test plan and lessons learned report.
|
|