Review the BIA
- BIA contains the prioritized list of critical business functions
- Should be reviewed for compatibility with the BC plan
- BIA is usually acceptable as it was prepared and released by the
- Contingency Planning Management Team Contingency Planning Management Team (CPMT).
Forming the Disaster Recovery Team
- Should include members from IT, InfoSec, and other departments
- DR team is responsible for planning for DR and for leading the DR process when a disaster is declared
- Must consider the organization of the DR team and the needs for documentation and equipment
- DR team
- Should include representatives from every major organizational unit
- Should be separate from other contingency-related teams
- May include senior management, corporate support units, facilities, fire and safety, maintenance, IT, InfoSec
- May be advisable to divide the team up into sub teams.
- Sub-teams may include:
- Disaster management team: command and control, responsible for planning and coordination
- Communications: public relations and legal representatives to interface with senior management and general public
- Computer recovery (hardware): recovers physical computing assets
- Systems (OS) recovery: recovers operating systems
- Network recovery: recovers network wiring and hardware
- Sub-teams (continued):
- Business interface: works with remainder of organization to assist in recovery of non-technology functions
- Logistics: provides supplies, space, materials, food, services, or facilities needed at the primary site
- Other teams needed to reestablish key business functions as needed
- Guidelines are found in NIST Contingency Planning Guide for Information Technology Systems
- Planning process steps:
- Develop the DR planning policy statement
- Review the business impact analysis (BIA)
- Identify preventive controls
- Develop recovery strategies
- Develop the DR plan document
- Test, train, and rehearse
- Plan maintenance
- Purpose:
- Provide for the direction and guidance of any and all DR operations
- Must include executive vision and commitment
- Business disaster recovery policy should apply to the entire organization
- Scope:
- Identifies the organizational units and groups of employees to which the policy applies
- Roles and responsibilities:
- Identifies the key players and their responsibilities
- Resource requirements:
- Identifies any specific resources to be dedicated to the development of the DR plan
- Training requirements:
- Details training related to the DR plan
- Exercise and testing schedules:
- Specifies the frequency of testing of the DR plan
- Plan maintenance schedules:
- Details the schedule for review and update of the plan
- Special considerations:
- May include issues such as information storage and retrieval plans, off-site and on-site backup schemes, or other issues
- Review the BIA within the DR context
- Ensure that the BIA is compatible with the DR specific plans and operations
- BIA is usually acceptable as it was prepared and released by the
- Contingency Planning Management Team Contingency Planning Management Team (CPMT).
To Become Certified For CISSP Please Visit This Link;