Current Need and Plan of BCP (ECP) Implementation:

ABC Healthcare International

Shane Huey, March 2014
Overview
Introduction
BCP Team Member Roles
Layers of Resiliency
DRP Team Training
Outsourcing the DRP
Awareness Campaign: Development
Awareness Campaign: Implementation


Introduction
Disaster Recovery Plan (DRP)A documented process
or set of procedures to recover and protect[enterprise] IT
infrastructure in the event of a disaster (Abram, 2012).
Note: DRP activated post disaster.

Enterprise Continuity Plan (ECP)The identification
and protection of critical business processes and resources
required to maintain an acceptable level of business,
protecting those resources and preparing procedures to
ensure the survival of the organization in times of business
disruption (Hiles, 2007). Also referred to as a BCP or
business continuity plan. Note: Goal is to prevent
occurrence of disaster scenario.
DRP/ECP Team Member Roles
Risk and threat assessment/identification
Development, implementation, and ongoing
testing/auditing of DRP/ECP
Policy and procedure implementation and
maintenance
Compliance and ongoing compliance auditing (multi-
tiered)
Planning and strategy
Data backup and physical systems redundancy






DRP/ECP Team Member Roles,
Cont.
Systems security
Physical security
Operational procedures
Environmental controls
Hierarchical response tree and communications
protocols (internal as well as with shareholders and
customers)
Recovery and salvage
Post-event analysis and remediation (where
warranted)

Layers of Resiliency
1) Strategy and vision
2) Organization
3) Processes
4) Applications and data
5) Technology
6) Facilities

(IBM Corporation, 2002 & 2007)
Layers of Resiliency: Strategy and
Vision
Resiliency begins with strategy (IBM, 2002).

The enterprise business strategy consists of the goals
and objectives of the organization and resiliency should
be built in from the outset (failure to meet goals and
objectives is a failure in resiliency). 3 factors impact
resiliency in terms of strategic success:

Uniqueness of competitive position
IT
Organizational culture

(IBM, 2002)


Layers of Resiliency: Organization
Leadership
Documented roles
Accountability
Clearly defined communications protocols
Leadership, employee, customer, shareholder, and
supplier collaboration
Flexibility

(IBM, 2002)
Layers of Resiliency: Processes
Business/enterprise processes
IT processes
Layers of Resiliency: Applications &
Data
Applications
Data
Layers of Resiliency: Technology
Technology
-Systems hardware
-Software and applications
-Network
Layers of Resiliency: Facilities
Facilities
-Security
-Environmental considerations
-Utilities
Security
-Physical
-Logical
DRP Team Training
The objective of awareness and training programmes is well defined in the BCI/
DRII common body of knowledge. It is to create corporate awareness and
enhance the skills required to develop, implement, maintain and execute the
business continuity plan (Hiles, 2007).

Business objectives
DRP/ECP awareness (policies and procedural)
IT
Security (IT and physical)
Random audits and DRP/ECP testing

Outsourcing DRP Needs
Experience
Long-term, standards-compliant solutions
Problem and process oriented
Current, industry standard technologies (e.g., backup, remote
access, data management, retrieval, and restoral, etc.)
Minimal requirements of internal resources (i.e., minimal
impact on business continuity)
Minimal to no post contract impact (able to resume former
responsibilities with little to no impact on operations upon
consultant withdrawal)
Regular reporting per enterprise needs

(Hiles, 2007)
Awareness Campaign:
Development
The objective of awareness and training programmes is well defined in the BCI/
DRII common body of knowledge. It is to create corporate awareness and
enhance the skills required to develop, implement, maintain and execute
the business continuity plan (Hiles, 2007).
Benefits of awareness training
Risk assessment
Identifying roles and responsibilities
Plan of implementation
Awareness Campaign:
Implementation
Clear and accessible policies
New hire/employee training; position/role creation
(e.g., Awareness Liaison)
Planning
Communications and response protocols
Scenario-based rehearsals, auditing, and testing
(scheduled and random)

Bibliography
Abram, Bill (2012). 5 tips to build an effective disaster recovery
plan. Retrieved from:
http://www.smallbusinesscomputing.com/News/ITManagement
/5-tips-to-build-an-effective-disaster-recovery-plan.html

Hiles, Andrew ed. (2011). The definitive handbook of business
continuity (Second edition). Indianapolis, Indiana: John Wiley &
Sons.

IBM Corporation (2002). Resilient infrastructure: Improving your
business resilience. IBM Global Services.

IBM Corporation (2007). Risk mitigation for business resilience.