Okay, So let's look at the process with creating the business continuity plan now. Obviously, this is not 15 minutes and you're ready to create a B C P.
But just kind of Cem overview of the process and any of you that have been involved in business continuity planning? No, this is a massive undertaking. This is not something we knock out over lunch it, you know, Chili's drinking margaritas.
This could take months, certainly for your larger organizations. So when we start with the BCP, we start in first of all the term in the scope.
So is this for the entire organization? Is it for a specific department? What are we trying to solve? What's our main objective? Will talk about the roles who determines risk assessment and how that happens. We start off in a very broad level, just defining
what's within our view for what we're trying to, you know, create what's within our responsibility for determining business continuity. Now gathering requirements in the context This first bullet point identify critical business processes in dependencies for the win.
We just did that in the document prior. What was that document called?
You're absolutely right. It was called the business impact analysis. That's where we figure out what processes are most critical and how critical they are. Then we're gonna look ATT, risks and threats. And again with the cloud service provider, we've got to consider their failures.
Ah, and then we've got a look at what our requirements are. Those requirements are gonna come from senior management, right? And they're usually specified in the B I A. So I've got to get my Web presence back up and running within so much time. That's in the B I. A. So now what we're gonna do is we're gonna take that information, that requirement, and it also could be based on industry standards or regulations or, you know, some or other external or internal compliance. But ultimately, we should know that because we finish with the C i A.
Then we're gonna analyze our plan and figure out the plan that we have. Will it meet those metrics that we've specified? Based on what's in this plan? Will I be able to recover? Thes resource is in the appropriate time period. Will I be able to restore data too?
The degree of current nous if you will.
That was That was document. All right. We look at our risks, and then we design our plan. We ride our plan. What sort of technical prevented is what sort of response and corrective mechanisms will we put in place?
How will know when and how will know how to initiate and when to initiate
the disaster recovery plan. What are the phases of the plan that are gonna be included? How do we know that in veg? And, uh, uh, an individual begins their role in business continuity. That kind of goes with notification and then also will have to mention as well how we're gonna test
the business continuity plan. So there's a lot more information business continuity, planning. We'll cover just a few more pieces. But I would recommend if you were more comprehensive view of business continuity planning. Go to the C. I s s P. Course.
There's a lot of info in there that will do this topic. More justice. This should be the the important pieces for the exam. But life is much bigger than an exam, right? So the C I s s P course has a lot of good DCP information