unless, but not least we come to step for plan approval and then implementation
plan approval has to be high up the food chain. Senior management has to sign off. The best case would be that the CEO would sign off because they're ultimately the decision maker for the organization. And remember, when we're looking at this,
we're talking about plans to minimize disruption to the organization. No matter what
that CEO better be involved in. Better be concerned with this because ultimately the liability and the ultimate responsibility lasts with CEO or the liability belongs to the CEO will say
All right, So if you can't get the CEO, another senior officer, perhaps chief operating officer,
Uh, but we need senior management to sign off because what we're gonna do is this is gonna be the basis for what we do in the event of a disaster again to keep the company going, which means we have tohave resource is we have to have prior ization of processes,
will have solutions that we propose.
Senior management has to let us know that we're on the right track because ultimately, when it comes down to it and we're in the midst of the midst of a disaster. How long to senior management wanna wait until we recover? Web service is or card service is or this that or the other
non They want it now. Well, we need them to commit to essentially stating that.
Yeah. Um, ultimately,
we have approved for our downtime. We have approved thes resource is and these methods in order to restore the device.
All right, now, implementation off the plan.
We have a plan and we have an implementation guide again. We're likely going to have some additional controls that may need to be implemented in the environment.
And we're going to get the final approval on the plan in this now becomes our business continuity plan.
This plan has to be maintained as well as a general rule. You go back and revisit plan at least once per year or in the event of a major change. And by major change, I mean an acquisition, a merger and update of existing infrastructure.
You know, something major is gonna drive me to come back and look at this, but otherwise
I need to distribute the plan on a need to know basis. Not everybody gets a copy of my business. Continuity plan modified. Most people simply need to know in the event of a disaster,
evacuate through the stairs, wait out the parking lot for your head to be counted, right. I don't need every employee or internal individual to know everything that I do in the event of a disaster, particularly pieces that I use to protect. My resource is so it's distributed on a need to know,
and people are trained what their roles are
Everybody should have an overview of what we're trying to do in the general premise of it. But again, we withhold the details based on need to know.