Flashcards in IT Governance and Management - Organizational Continuity Planning and Disaster Recovery Deck (4):
Business Continuity Planning
Process of planning for disasters (BCM) and embedding the plan in an organization's culture. Consists of identifying events that may threaten an organization's ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the risks occur.
6 step model
1) Create a BCM policy and program
2) Understand and evaluate organizational risks. BIA, business impact analysis, will identify the maximum tolerable interruption periods by function and organizational activity
3) Determine business continuity strategies - define alternative methods to ensure sustainable delivery of products and services; desired recovery times, distance to recovery facilities, personnel, supporting tech, impact on stakeholders.
4) Develop and implement a BCM response - document and formalize the BCM plan
5) Exercise, maintain, and review plan; maintenance and review require updating the plan as business processes and risks evolve
6) Embed BCM in the organization's culture
DRP - Disaster recovery plans
Enable organizations to recover from disasters and continue operations.
Includes 2 important goals
1) Recovery point objective (RPO) - defines the acceptable amount of data lost in an incident. Typically stated in hours and defines the regularity of backups.
2) Recovery time objective (RTO) - acceptable downtime for a system or organization. Specifies the longest acceptable time for a system to be inoperable.