Introduction The following report is an analysis of exercises that can be conducted on a Business Continuity Plan. It examines seven types of exercises classified under two different categories of emergency management exercises. The report also explains the pros and cons associated with each exercise and gives a brief description of how each exercise can be coordinated.
Emergency Management Exercises Emergency management exercises are performed to ensure that the Business Continuity Plan (BCP) will be effective and successful when activated in the event of an emergency (Mechan, 2017). Exercises are divided into two main categories namely: discussion-based and operations based exercises (Mechan, 2017).
Discussion-based Exercises
…show more content…
However, seminars are not without their downside. There is a potential risk that if an unqualified speaker coordinates the seminar, the team players especially those new on the BCP or business recovery team will me misinformed (Mechan, 2017). In most cases, the information delivered may not be relevant to all players due to varying roles. In addition, seminars are not designed to exercise the plan in real-time. Seminars also have the potential of become boring if they are held very often and with the same basic information (U.S. Department of Education, n.d.).
Workshops
Unlike seminars where information is delivered to the players, workshops involve getting information from the exercise players. It is a brainstorming session that is intended to allow participants share ideas about a topic (Mechan, 2017). The group is broken into smaller groups to focus on the issue and eventually they reconvene to share the information from their respective groups. At the end of the workshop session, a summary report (brief meeting minute) is developed (Mechan, 2017). Workshops are advantageous in that they help with strengthening the relationships between the attendees (Community Tool Box, 2016). Attendees are able to share their ideas and are encouraged to actively participate (Community Tool Box, 2016). During this session, plans, procedures, and other materials could be created (Community Tool Box, 2016). There
a business continuity plan starting with a risk analysis, business impact analysis, and alignment of critical
mitigate these points assessments will be made in how to best mitigate the failure and what would need to be done to
Presentation regarding the university’s Disaster Recovery Plan/Enterprise Continuity Plan including: basic structures; roles within the DRP/ECP plan; areas within a company if addressed improve resilience to catastrophic events, and an employee awareness campaign.
Our company’s Continuity Management Program (CMP) dictates that the business adheres to an annual testing program. The program does utilize the guidelines from the Homeland Security Exercise and Evaluation Program (HSEEP). The Continuity Management team has written and scripted into our process to incorporate our Tabletop Exercise’s (TTX’s). Our annual process is to test each of our business units for resiliency. TTX’s allows for us to open up discussions and dialogues focusing on many different areas in the event we need to declare. Also, the exercises aid in discovering any gaps and working through each tier of the recovery process. Our business lines have Recovery Time Objectives (RTO’s) starting at 1 hour up to 72 hours. During the TTX’s we cover the business impact analysis (BIA’s ) and each of the RTO’s.
Good Business Continuity Planning starts with being proactive. That means taking concrete steps to plan for an incident much before it actually strikes. There is no one single approach that fits for all types of incidents as no two emergencies are identical. Much of business continuity planning varies based on the size of the company, company’s line of business, and the locations of the company, customers and suppliers.
The business continuity & disaster recovery is written into the policy to ensure each department knows and has a plan in case of an unexpected event such as a fire, vandalism, and natural disaster that would disrupt normal business. This part of the plan also states that data administrators are the ones responsible to implement procedures for critical backup of data and how long the recovery time would be which is set by the data stewards and other stockholders.
Explain the actions necessary to create corporate awareness and enhance the skills necessary to develop, maintain and carry out the Business Continuity Plan. Give examples.
In this day and age, a business continuity plan is essential to an organizations risk management. A large organization like Sunshine Machine Works understand that time is critical when it comes to natural disasters or man made interruptions to their network systems. When a system is offline for excessive amounts of time, could mean a loss to the organization. That’s why having an effective business continuity plan is vital to keeping operations for being disturbed during a time of crisis whether it is an attack or natural disaster that could potentially affect Sunshine Machine Works operations, data and networks.
The significance of each major phase of continuity planning merits attention because each phase contributes to building all four areas of business continuity: disaster recovery, business recovery, business resumption, and contingency planning:
Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result to an overhaul in organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and business resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).
As a consultant brought into an organization concerned about business continuity I would recommend to first perform a Risk Assessment Analysis and/or Business Impact Analysis (BIA). Conducting a business impact analysis will allow an organization to know the system or application’s downtime tolerance. The analysis will identify all systems and applications that can experience little to no downtime. Conducting risk assessment analysis will allow the organization to identify all the risks at the beginning and during the life of the organization, and grade the risks in terms of likelihood of occurring and seriousness of impact on the organization. Either analysis is an excellent tool and will result in the beginning creations of disaster recovery and business continuity planning. If using the BIA method a good first step is identifying the business’ most crucial systems and processes to assess what effect the outages will have on the business. All systems or applications should have a back-up location offsite to ensure business continuity. The higher the impact the more money a company should spend in order to quickly gain restoration of their business.
Owning a business can have many stressors day to day. When starting a business there is a lot of planning and preparation involved. Many small businesses are owners who have put their own money into the business and look at it as an investment. Unfortunately with all the planning that goes into starting a business, one thing is often over looked. Most of the time the “what ifs”, are not part of the planning stage. One reason for this is that people do not like to think of the bad things that could or may happen. So with all the time and planning put into starting a business why not put some extra thought into a plan B if a disaster strikes? This plan B could be a business continuity plan or a disaster recovery plan. Business continuity plans are an essential part of the modern day business. There are so many potential disasters for small businesses that could seize the production or even close the business down for good. A recent study from Gartner Inc., found that “90% of companies that experience data loss go out of business within two years. It also found that 80% of company owners have not thought about how they would keep their businesses up and running if a data disaster occurs.” According to the Association of Records Managers and Administrators, “about 60 percent of businesses that experience a major disaster such as a fire close
The effective contingency plan should only include the high-priority items and it should be as simple as possible. The purpose for the contingency plans is to response quickly when there are changes of an organization’s current strategy. For example, the predefined strategy is based on some assumptions about the economy but the outcome is not what the organization assumed, the contingency plan can support the organization to react promptly. The effective contingency planning includes a seven step process. First, Identify both beneficial and unfavorable events that could possibly derail the strategy. This step includes the development of the formal contingency planning policy statement in order to provide it to relevant stakeholders the authority and guideline that required developing the effective contingency plan. Policy will be published when executive confirms it. To gather the high-level business requirements, define scope and allocating project resources. Second, Specify trigger points and calculate about when contingent events are likely to occur. It involves the Business Impact Analysis (BIA) to identify threat scenarios, prioritize key business processes and critical systems for business continuity. Executive approval on those choices of the critical business functions and the priority to recover during the disaster. Third, Assess the
In this study, the fields of emergency management, business continuity, strategic planning and scenario futuring were critically analyzed with a goal of developing an integrated strategic contingency planning model. This model will assist organizations in bringing their contingency planning program to a strategic level. Contingency planning can be fully integrated with day-to-day business processes if a new mindset is promulgated in the organization. Contingency planning no longer needs to be an isolated, specialized