Đặng Nam Bình-SE171569- Lab 7
[Table: sample BIA with prioritization in (parentheses). Only header fragments survive: "... or Process", "Internal and external voice", "... Factor".]
Purpose/Objectives
- Maintain the Continuity of Essential Business Operations: Ensure that vital business functions
remain operational and resilient.
- Reduce Operational Interruptions and Financial Impact: Take steps to minimize disruptions to
operations and limit financial losses.
- Establish Clear Roles and Procedures for Incident Response and Recovery: Define specific roles,
responsibilities, and processes for effectively responding to and recovering from incidents.
- Adhere to Regulatory and Industry Standards: Ensure compliance with all relevant regulatory
requirements and industry best practices.
Scope
This policy applies to all ABC Credit Union employees, contractors, and third-party service
providers involved in critical business operations. It covers all business units, departments, and
locations of ABC Credit Union.
Within the Business Continuity Plan (BCP) outline, the scope includes:
Standards
This policy includes Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
as essential benchmarks for business continuity planning. RTOs specify the maximum
permissible downtime for each critical function, whereas RPOs establish the acceptable amount
of data loss in the event of an incident. Following these benchmarks ensures prompt recovery
and minimizes data loss.
Procedures
- Performing a thorough Business Impact Analysis (BIA) to pinpoint critical functions,
dependencies, and recovery priorities.
- Creating and consistently updating Business Continuity Plans (BCPs) informed by BIA results.
- Setting up communication protocols, roles, and responsibilities for incident response and
recovery.
- Regularly conducting tests, training sessions, and drills to ensure the BCP's effectiveness.
Guidelines
Potential obstacles in implementing the policy may include limited resources, insufficient
awareness, or resistance to change. To overcome these challenges, ABC Credit Union will:
- Allocate necessary resources and support for BCP development and training.
- Run awareness campaigns and training sessions to educate employees about their roles during
disruptions.
- Establish a feedback mechanism to continuously refine the BCP based on insights from testing
and actual incidents.
Lab #7 – Assessment Worksheet
Perform a Business Impact Analysis for an IT Infrastructure
Lab Assessment Questions & Answers
Why must an organization define policies for an organization’s Business
Continuity and Disaster Recovery Plans?
Organizations need to establish policies for Business Continuity and Disaster Recovery Plans to
provide clear guidelines, roles, and procedures for effective response and recovery from
disruptions. This ensures operational resilience and minimizes downtime.
When should you define a policy definition and when should you not define
one?
A policy should be defined when specific actions or behaviors within an organization require
clear guidelines, rules, and procedures. However, it should not be defined when situations call
for flexibility, adaptability, and individual discretion.
Why is it critical to align the RTO and RPO standards within the policy
definition itself?
Aligning Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) within the
policy is crucial to ensure that the organization's continuity and disaster recovery strategies meet
specific time and data loss thresholds, enabling timely recovery and minimal operational
disruption.
How do risk management and risk assessment relate to a business impact
analysis for an IT infrastructure?
Risk management encompasses the comprehensive approach of identifying, assessing, and
mitigating risks throughout an organization. Within this framework, risk assessment focuses
specifically on evaluating the likelihood and impact of risks on IT infrastructure. Both risk
management and risk assessment provide crucial inputs for a Business Impact Analysis, aiding in
the identification of critical IT functions and prioritization of recovery efforts.
True or False – If the Recovery Point Objective (RPO) metric does not equal
the Recovery Time Objective (RTO), you may potentially lose data or not
have data backed-up to recover. This represents a gap in potential lost or
unrecoverable data.
True. Misalignment between the Recovery Point Objective (RPO) and Recovery Time Objective
(RTO) can lead to a gap where data loss may occur. The RPO sets the maximum acceptable data
loss, while the RTO defines the timeframe for recovering systems and data.
From Part B – Define a Policy Definition for a BCP/DRP, how did you answer
the procedures for how to implement this policy throughout your business?
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) serve as an
organization's final corrective measures when other controls have failed. They aim to prevent or
address extreme circumstances like injury, loss of life, or the failure of an entire organization due
to unforeseen events.
True or False. An organization must have a Business Impact Analysis and list
of prioritized business functions and operations defined first prior to building
a BCP and DRP.
True
True or False. An organization must have a Business Impact Analysis and list
of prioritized business functions and operations defined first prior to building
a BCP and DRP.
Because having proper security controls and a documented BIA, BCP, and DRP helps reduce the risk of
disaster and data loss, and increases customers’ trust