CRISC

Course
Time
5 hours 20 minutes
Difficulty
Advanced
CEU/CPE
7

Video Description

This lesson is about developing the BCP teams. When forming a BCP team, management should appoint the members. Each member must understand the goals of the plan and be familiar with the department they are responsible for. Before the event, it is agreed upon: - Who will talk to the media, customers and shareholders? - Who will setup the offsite facility? - Established agreements with off-site facilities should be in place - Who will work on the primary facility?

Video Transcription

00:04
What I have for you is kind of a breakdown of the different plans who would ultimately be responsible and then what the function is. I'm not gonna go through every one of these. But you can see, for instance, the disaster recovery plan.
00:18
Its job is to make sure that we notify people in the event of a disaster and that we have policies in place to restore the most critical operations. BCP coordinator on BCP team's gonna be responsible for that.
00:32
All right, occupant emergency plan. Getting people out of the burning buildings, of course, Gonna go to the rescue team. So this isn't something necessarily. I'd make flashcards out of and remember exactly what each element is. But again more from a conceptual standpoint of the elements that have to happen that are apart
00:50
of business continuity, planning
00:52
and would be sub plans off the BCP itself.
00:57
All right, now, in developing the team management, McGinnis goes back, the senior management is gonna establish who the team members are, so they're gonna pull expertise from throughout the organization, and we have to make sure that every department is represented
01:14
now. It doesn't mean that every single department has somebody sitting in the business continuity meetings. Ah, but it does mean that everybody has representation has a means to contribute to the process,
01:29
something important and something testable. Things that we need to agree upon prior to the event. Who will talk to the media so very important. Because what? My job. If I'm gonna talk to the media, my job is to restore confidence. Yes, we've have had a breach.
01:48
Here's the scope of the breach.
01:49
Here's how we limited the damage. Here's how we responded. And here's where we are now, to be very matter of fact, to be very precise and essentially to go in front of cameras. Tell my stakeholders everything's okay.
02:02
This has happened. We anticipated this could happen. Here's how we responded. Whereas if you think about some of the disasters that we've heard or we've seen throughout the years and we've seen maybe a company like BP with the oil spill in the Gulf, um, you know, their strategy was just in the CEO out and talk to the media.
02:23
But one of the things you may have noticed was that might not have been the best plan for them
02:28
because the CEO If you'll remember. Tony Hayward made some missteps verbally, you know, he was quoted, and I'm going to paraphrase, but he essentially said something to the effect of. Nobody's been affected by this more than I have. I want my life back.
02:43
Well, you know, they lost the lives of 11 crew members on the oil rig. It's pretty self absorbed to say, you know, look at me. I haven't slept in three days. I'm the real victim here. And that did not sit well for the media that got played again and again and again. So what I want, you know, Do I want to send my CEO?
03:02
Not unless they are well trained and very media savvy.
03:06
I'd much rather send somebody from the PR department or perhaps from the legal department, because don't forget, You know, when I send somebody out in front of the cameras, I could be held liable for what they say for what's being said. So be careful who you send in front of the media.
03:22
Um, figure out if we're gonna need alternative alternative communication methods. Ah, I had a team and we were working down in South America and there was a major power outage that rendered some of the telephone lines in addition to this sort of regional issue,
03:40
rendered the normal means of communication unavailable. We wound up having to communicate
03:46
the walkie talkies, actually, so we've gotta have some sort of plan as part of this, Really? With disaster recovery planning, you've got to think of everything.
03:54
Um, setting up the offsite facility. That will be your rescue team.
03:59
Any sort of agreements for our offsite facility should be in place. Should be in writing. So am I leasing a facility that we can move to in the event of exas ter? I better have that information in writing.

Up Next

CRISC

Archived Certified in Risk and Information Systems Control is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor