Time
12 hours 41 minutes
Difficulty
Advanced
CEU/CPE
13

Video Description

This lesson offers an introduction to Business Continuity Planning (BCP) and Disaster Recovery Planning. Business Continuity Planning focuses on how to sustain operations and protecting the viability of a business in the wake of a disaster. Whereas the goal of disaster recovery planning is to minimize the effects a disaster has on a business.

Video Transcription

00:04
I really think of Chapter one being divided into two main parts. The first section kind of focusing in on risk management and the second section focusing in on continuity of the enterprise, which, of course, deals with business continuity planning, disaster recovery planning.
00:22
So we're getting ready to move into this next section.
00:25
So you hear these terms? She's quite a bit business Continuity plan Disaster Recovery Plan If you're in the government military, you hear about Coop continuity of operations planning. You hear a lot of these terms, so we want to make sure that we have a good understanding of what they are and how they're related.
00:42
Essentially, the business continuity plan is an overarching document that includes lots of sub plants.
00:49
This is all about the long term survival of the organization in the event of a major disruption. Now the disaster recovery plan is more I t focus. So business continuity plans about the organization as a whole. Disaster recovery plan does tend to be mostly I t focused
01:07
and deals much more on the immediacy
01:11
of the disaster
01:11
than the coupe Continuity of Operations plan. After the disaster recovery plan has recovered all the necessary service is gotten things back up and running the coop talks about how we're gonna maintain and continue our functions. After all this has happened until we get back to a state of normalcy.
01:30
So those were really three big plans.
01:33
Business continuity plan is a whole, including the disaster recovery plan and the coop, and we'll talk about the coop in just a few minutes.
01:42
All right, what is the relationship between the business continuity plan and risk management? They're both here in the same chapter. Why is that? The best way to think about this is that the business continuity plan is a safety net under risk management, where risk management doesn't catch everything, whatever falls through the cracks
02:01
gets caught up in the safety net of business continuity.
02:05
So, for instance, if you look at the chart and if you go back to our discussions on risk, you know that we can't resolve all risks, we will never bring our risk amount down to zero. There will always be residual risk. There will always be risks that we just accept there will be risks we didn't plan for. Well,
02:23
what happens if you know we had a great earthquake
02:27
here in the year 2013. I believe here in the D C area, which was quite amusing because it pretty much was shake, shake, shake and that was over.
02:38
So I you know, being from the East Coast, earthquakes really aren't on my radar.
02:43
So now suddenly, I'm aware of the fact that we can have an earthquake in the Washington D. C area. So what do I do about it? You know? Do I sell everything I have and give up my business? Do I move my building business into a steel reinforced building?
03:01
You know, I probably just accept the risk
03:04
the number of earthquakes we've had in the low severity of those earthquakes. Let's may say it's just I just can't justify
03:14
a more active strategy. So that's an accepted risk. Well, what happens if we do have that earthquake? And what if it's significant? What if it's much greater than anticipated? That's okay, because business continuity planning means that I have backup Power Supply means that my dad is stored in an off site location.
03:32
It means that I have money and reserved
03:35
so essentially
03:37
anything that risk management doesn't hand
03:39
residual risks unidentified risks, risks that are greater than expected, accepted risks. All of those should be caught by business. Continuity
03:52
are now business continuity. Planning. What does it include? Includes everything. Where do threats come from? We've got to think about. And generally speaking, we can sort of arrange threats and three main categories. Manmade threat. So these would be vandalism, theft, terrorism,
04:10
then hackers. Those would fall under man mate, Natural tornado, fire, flood, earthquake
04:16
and then technical. You have major power outages, loss of team one lines or done that links. Ah, some sort of device failure and depending on the scope of that, whether or not they'd actually be considered to be a disaster,
04:31
all right, business continuity planning is gonna also have to cover different types. Like I just mentioned different pipes of outages and disruptions. Now there are non disasters that really you're just more inconveniences. Hard drive fails. We lose power for a couple of hours. Something has stopped running
04:49
those air generally handled by risk management. Generally, they don't lose lead to a large scale
04:57
business out. It's usually that's just something that has to be corrected. Now, when we move up to an emergency. An emergency is significant because there's an urging, an immediate threat, toe loss of life or property. So there's that urgency to an emergency,
05:14
a disaster, and this is an interesting disaster. But what a disaster revolves around is that the building is unusable for a day or longer.
05:23
So you know, we've had quite a bit of snow here in the D C area last week. A couple weeks ago, we had 30 inches of snow in D. C. I have two small Children. I was snowed in my home for five days with two small Children.
05:40
Just think about that from
05:42
anyway, So that was a disaster. Indeed, in the disaster means our facility is unusable for a day or longer, making we can't get the facility. Maybe the facility's under temporary repair, Whatever that may be. Keep in mind that
06:00
a disaster doesn't necessarily mean what we instantly have come to mind.
06:03
You know, when you use the term disaster, I think fire and brimstone and you know, just major major loss that's generally more in line with catastrophe. Catastrophe means the facility is destroyed,
06:16
but a disaster could be something as basic as that snowstorm. It doesn't mean that we pack up all operations and move to an off site facility in Nevada.
06:26
What it means is we initiate the disaster recovery plan at least maybe Phase one, and Phase 1 may just simply be contacting our employees and notifying. You don't need to come to work today,
06:38
and we could just go through disaster recovery. Phase one of notification.
06:43
Um, some people may be working from home through the PM's that's working at an off site facility, so you can see that just because we're using the disaster recovery plan doesn't mean that there's necessarily chaos out there
06:56
now, a question that I think is worth seeing who can declare an emergency.
07:01
Anybody,
07:02
anybody can pull the fire alarm or anybody can say smoke. I smell smoke.
07:08
Who could declare disaster, senior management or the business continuity planning coordinator?
07:14
Now the business continuity has a number that business gotten. Every plane has a number of sub plans, and we'll be covering those in just a moment

Up Next

ISC2 CISSP

Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor