Feb 18 2009

Economic turmoil and BCP

Category: BCP,Information SecurityDISC @ 6:42 pm

Due to economic insecurity all the warning signs are pointing that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business limiting risk and bypass security fundamental like Business Continuity Planning (BCP). During this economic uncertainty organizations have to pay more attention to liability, regulatory penalties and negative PR which might cause an irrecoverable damage to business in today’s market.

“BCP is the creation and validation of a practiced logistical plan for how organization will recover and restore partially or completely interrupted critical functions within a predetermine time after a disaster or extended disruption”

The first step in business continuity process is to consider the potential impact of each disaster or disruption. Next step is to determine the likelihood of the disruption or how likely this disruption will occur within a year and how many times. Both impact and likelihood will determine the risk to the organization critical asset in a sense if impact of the disruption is high the risk is high or if likelihood of the incident is high the risk is high. High risk disruption will attract more attention during planning process.

Risk Analysis:
• Understand the function of probabilities and risk reduction
• Identify potential risks to the organization
• Identify outside expertise required
• Identify vulnerabilities / threats / exposures
• Identify risk reduction / mitigation alternatives
• Identify credible information sources
• Interface with management to determine acceptable risk levels
• Document and present findings

BCP Plan:
• Understand clear objectives, available alternatives, their advantages, disadvantages, and cost ranges, including mitigation as a recovery strategy
• Identify viable recovery strategies with business functional areas
• Consolidate strategies
• Identify off-site storage requirements and alternative facilities
• Develop business unit consensus
• Present strategies to management to obtain commitment

Assessing the Effectiveness of a BCP Plan for an Individual Business Unit:
Business unit contingency planning was never more important than now. The success of BCP planning depends upon the feasibility and appropriateness of the plan. However, only comprehensive TESTING of the contingency plans could validate that and everyone hates testing. It is important that the Contingency Plan clearly identify those responsible for declaring a disaster and executing the plan. BS 25999-2:2007 is the specification for implementing, establishing, and improving a business continuity management system (BCMS) within an organization.

The requirements in the standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature of business. The extent of application of these requirements depends on the organization’s operating environment and complexity. BS 25999-2 can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.

Purchase BS25999-2:2007 online today and prove business resilience to customers and partners.


BSI – What is Business Continuity Management?

Reblog this post [with Zemanta]

Tags: Business, Business continuity planning, Business Services, Contingency plan, Emergency Management, Fire and Security, Information Security, Risk management