
Design, develop, and implement Business Continuity and Crisis Management plans that provide continuity within the recovery time objective and recovery point objective.

 A.   The Professional’s Role is to:

      1.   Identify the Components of the Planning Process

            a.   Planning methodology

            b.   Plan organization

            c.    Direction of efforts

            d.   Staffing requirements

      2.  Control the Planning Process and Produce the Plan   

      3.  Implement the Plan

      4.  Test the Plan   

      5.  Maintain the Plan   

B.   The Professional Should Demonstrate a Working Knowledge in the Following Areas:

      1.  Determine Plan Development Requirements   

            a.   Roles and responsibilities

            b.   Develop action plans/checklists  

            c.    Review and evaluate tools, e.g., business continuity planning software

 

            d.   Acquire business processes and technology matrices and flowcharts

            e.   Develop forms to acquire information  

            f.    Determine requirements for information database

            g.   Identify other supporting documentation  

      2.   Define Continuity Management and Control Requirements

            a.   Define scope

                  (1)  Identify incidents/events the process may be utilized for

                  (2)  Suggest severity criteria that may be used to create a definition

                  (3)  Design escalation criteria

            b.   Identify and agree on approach to key phases for continuity; document agreed approach

            c.    Establish procedure to transition from emergency response plan to crisis management and/or business continuity plans.

 

      3.   Identify and Define the Format and Structure of Major Plan Components 

            a.   Plan designs and structures

                  (1)  Define how plan structures are tied to the organization

                  (2)  Document structure and design of plans

                  (3)  Ensure built-in mechanisms to ease maintenance

                  (4)  Define the process for gathering data required for plan completion  

            b.   Allocate tasks and responsibilities

                  (1)  Identify tasks to be undertaken

                  (2)  Identify necessary teams to perform required tasks

                  (3)  Assign responsibilities to teams

                  (4)  Identify and list key contacts, suppliers, and resources

      4.   Draft the Plans  

            a.   Select appropriate tools for plan development and maintenance

            b.   Draft the Plans, ensuring adequate and appropriate involvement of personnel
                  required to implement the plan

            c.    Continue gathering data as needed to ensure BCP is complete and accurate

      5.   Define Business Continuity and Crisis Management Procedures

            a.   Locate and catalogue organization information

                  (1)  Identify and confirm processing and documentation critical to the organization’s key business

                  (2)  Identify and determine which information/processes should be replicated

                  (3)  Identify storage requirements

                  (4)  Identify key suppliers

                  (5)  Select or recommend appropriate methods of business backup including understanding of retention periods and duplication/replication schedules, etc.

            b.   Information continuity

                  (1)  Recommend and develop appropriate procedures taking into account:

                        (a)  Business requirements

                        (b)  Technology requirements

                        (c)  Legislative requirements

            c.    Process continuity

                  (1)  Recommend alternative ways to conduct business when normal resources are unavailable following a disaster or other disruptive event that will be effective until continuity procedures are successfully implemented.

                  (2)  Recommend method/procedures to easily transfer business functions from any alternative, temporary, or emergency operation into the new replaced or re-installed service.

                  (3)  Identify critical equipment; acquisition and/or reconditioning mainframes.

      6.   Damage Assessment/Restoration Strategy

                  (1) Create an action plan for assessing damage including:

                  (2)  Understand economics of repair versus replacement

                  (3)  Understand the capabilities of salvage specialists in selecting and applying relevant methods of contamination analysis

                  (4)  Understand the criteria for selecting appropriate subcontractors for salvage operations

                  (5)  Clearly relate damage assessment to business continuity of organization

            b.   Define restoration strategy

                  (1)  Employ a logical, but relevant, and practical approach to business recovery requirements

                  (2)  Demonstrate ability to reduce consequential losses

                  (3)  Agree upon restoration methods for business assets (e.g., equipment, electronics, documents, data, furnishings, premises, plant, computers, etc.)

                  (4)  Understand the approval process for restoration, and especially, the implications of warranties

                  (5)  Define a strategy for restoration

      7.   Develop General Introduction or Overview

            a.   General information

                  (1)  Introduction

                  (2)  Scope

                  (3)  Objectives

                  (4)  Assumptions

                  (5)  Responsibility overview

                  (6)  Testing

                  (7)  Maintenance

            b.   Plan activation

                  (1)  Notification

                        (a)  Primary

                        (b)  Secondary

                  (2)  Disaster declaration procedures

                  (3)  Mobilization procedures

                  (4)  Damage assessment concepts

                        (a)  Initial

                        (b)  Detailed

                        (c)  Team members

            c.    Team organization

                  (1)  Team description

                  (2)  Team organization

                  (3)  Team leader responsibilities

            d.   Policy statement

            e.   Emergency Operations Center

      8.   Develop Administration Team Documentation

            a.   Identify continuity functions for the following, including qualifications,
                  responsibilities and resources required

                  (1)  Communications (public relations/media, client and employee)

                  (2)  Personnel/human resources

                  (3)  Security

                  (4)  Insurance/risk management

                  (5)  Equipment/supplies purchasing

                  (6)  Transportation

                  (7)  Legal

            b.   Other specialist coordinator/team responsibilities

                  (1)  Relations/liaison with regulatory bodies

                  (2)  Investor relations

                  (3)  Relations with other involved groups (e.g., customers and suppliers)

                  (4)  Labor relations

            c.    Develop specific procedures for each function or building identified above:

                  (1)   Department/individual/building plans

                  (2)   Checklists

                  (3)   Technical procedures

       9.   Develop Business Operations Team Documentation

            a.   Operating department plans

                  (1)  Essential business functions

                  (2)  Information protection and recovery

                  (3)  Activation actions

                  (4)  Disaster site recovery/restoration actions

                  (5)  End-user computing needs

            b.   Action sections

                  (1)  Recovery team

                        (a)  Personnel

                        (b)  Responsibilities

                        (c)  Resources

            c.    Action plans

                  (1)  Specific department/individual plans

                  (2)  Checklists

                  (3)  Technical procedures

      10. Develop Information Technology Recovery Team Documentation

            a.   Recovery site activation

                  (1)  Management

                  (2)  Administration/logistics

                  (3)  New equipment

                  (4)  Technical services

                  (5)  Application support

                  (6)  Network communications

                  (7)  Network engineering

                  (8)  Operations

                  (9)  Inter-site logistics and communications

                  (10)  Data preparation

                  (11)  Production control

                  (12)  End-user liaison

            b.   End-user requirements

            c.    Identify components of vital records program

            d.   Action sections

                  (1)  Recovery team

                        (a)  Personnel

                        (b)  Responsibilities

                        (c)  Resources

            e.   Action plans

                  (1)  Specific department/individual plans

                  (2)  Checklists

                  (3)  Technical procedures

      11. Develop Communication Systems       

            a.   Voice communications recovery plans

                  (1)  Phone lines, including in-bound, toll-free (1-800) lines, and fax lines

                  (2)  Voice mail, voice response units, and other voice-based services

                  (3)  Alternate arrangement for automated voice response during a disaster

            b.   Data communications recovery plans

                  (1)  Data communications with mainframe-based information systems

                  (2)  Local area network (LAN) recovery for work area recovery

                  (3)  Wide area network (WAN) recovery for restoring global connectivity

                  (4)  E-mail, groupware, and other data communications-based work support

             c.    Emphasize and ensure detailed and up-to-date documentation of voice and