BCP steps

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

14 hours 39 minutes
Video Transcription
The next thing that we want examine is we want to examine some of the frameworks that are out there to provide structure, toe our business continuity planning processes. I'm a big believer and don't reinvent the wheel. Take advantage of what's out there, take advantage of what works and then customize it to your environment.
when we look to find frameworks on business continuity, planning, there's no lack off them. There is no shortage. You have the disaster Recovery Institute International, you have ice. 0 27,031 You have missed 800 cash 34. And now there's revision one.
And most importantly, we have I s c square dot org's before processes of business continuity, which, of course, will focus on.
But what I want to stress to you is, regardless of which of these models you're following, the flow is always the same. You know, if you look at 800-31 I'm sorry. 800 Dutch 34 Revision one. So that's a special publication from N'EST. You'll see that there are seven distinct steps. Okay,
the same idea is true when you look at the four processes of business continuity planning for my S C Square or GE. But essentially what they're doing is they're combining steps. They're not bringing anything new. They're not doing anything out of order.
They're ultimately just pulling multiple processes from 800 deaths, 34
into four distinct processes. So the point I wanna make is regardless of what institution is providing guidance on business continuity planning, whether it's NIST or ICE O or Disaster Recovery International or I S C Square or element Opie, it doesn't matter,
were doing the same steps in the same flow.
So they're not gonna ask you what is the sixth? Step off what they're gonna ask you. Maybe which of the following is the correct order of business continuity planning, and you're gonna want to know what the flow is. You have to start with initiation with policy, with planning, with scope.
You move into a business impact analysis for assessment,
then you plan and then you approve and you put the plan in place. And, of course, with putting the plan in place, you continue to monitor and make sure that it works. All right, So if we look at step one project scope and planning. This is the first step in the process, and
creating a business continuity plan is definitely a project.
And all project should start with an initiation phase where the scope of the project is defined and we're doing very high level planning. Okay, so this is upper level
now. The first pieces we get a policy from senior management senior management commence to support to fund to provide resource is for the business continuity planning process. But also in that policy, they're going to state that they get it. And that's the most important thing to have a successful business continuity plan
is get senior management on board,
help them get it, because if they don't commit, then you're not gonna be successful. Senior management holds the purse strings. This is not something that you knock out over margaritas at Chili's. This is something that takes a long time in a lot of investment. Okay, Now, the second piece
in step one
is that we do a business organization analysis. What we've said all the way, you know, all through Chapter one is we serve the business. It's all about the business. So how can I support the business if I don't understand the business. So in this business organization analysis,
basically we want to do is figure out what the business assets are
and try to understand their importance, their function there, criticality and how all those different functions play in together. We won't understand dependencies. We want to understand the different processes in relation to urgency. We want to understand the business. Okay?
Can't move forward
in protecting the business If we don't understand the business
now that point in time, we're gonna pull our BCP team together. Senior management's gonna be involved. Probably in selecting the team. Senior management will have representation on the team as well. It needs to be a cross functional team so that each department within the organization can be represented.
They'll contribute to the processes and procedures necessary for their department.
We'll get by in from them but will also take advantage of their knowledge. That's particular to the various areas. Then senior management is gonna provide feedback on the resource is that are available to us.
And we also have thio take consideration off broad high level risks. We have to think about ideas like compliance.
We have to think about legal and regulatory environments in which we operate and when we have to be compliant with certain laws and regulations. That is, regardless of whether or not we're in the midst of a disaster. You know, none of our regulations say
kelly dot com is exempt in case it's a bad day or a bad week.
So we have to make sure that we understand that the legal requirements that were subjected to during normal operations also carries over in that state of a disaster, and we have to make sure that that's implemented into our plans.
Up Next