ISA6050 Business Continuity Planning Evaluation

Computer Science

Johnson & Wales University

Description

Using the BCM Audit guide (see chapter 18 of the reference below), write an assessment of the attached BCP (see attached previous BCP assignment) against the interruption of the Pi-Filling electronics (see the attached simulation/description of the company) business, including how you might revise the BCP to improve it.

The BCP assessment should include recommendations for improving the business processes (again, see attached simulation/description of the company) themselves.

Reference:

Hiles, A. (2010). The Definitive Handbook of Business Continuity Management, 3rd Edition. John Wiley & Sons.

Unformatted Attachment Preview

Pi-Fillings Electronics

Our business simulation is an on-line store which sells electronic accessories for Raspberry Pi miniature computers. It offers temperature/humidity sensors, cameras, and switches, with each category supplied by a different manufacturer in California. Products are paid for through a third-party payment processor which accepts credit card and PayPal payments, and they are sold directly through a company-owned on-site server in Pennsylvania. There is no EBAY or other digital marketplace presence. The company has been in business for four years, essentially since the birth of the Raspberry Pi computer, and has come to be a top-five source for accessories.

On the company-owned server, we keep all of our records on customers such as name, address, email, previous order history and so on, but no financial information such as credit card numbers. The company sends out automated emails on new products, promotions, etc. from the server. All product information such as pictures, prices, etc. is also stored on the server. The website itself is on the company server and maintained by a part-time employee on the payroll whose salary is based on 15 hours per week.

The company's gross receipts average $60,000/month and payroll is $22,000/month. Aside from the webmaster, there is a part-time bookkeeper and a full-time and part-time warehouse/packaging worker. The address we will use for the company website is http://74.208.170.199/Fillings

Currently, there is no effort to protect the online contents of the server (this should be addressed in the BCP), but the physical server is housed in a store-front type office in a locked closet. The ISP (internet service provider) is the same ISP used by the majority of the businesses in the business district. This is a family business except for the employees listed above, with 3000 customers on record. At any given time, there is about 30 days' worth of inventory on hand. The business is pictured below.

Purpose

This document aims to help Pi-Fillings Electronics establish risk management practices and policies. These practices and procedures are meant to prevent the interruption of mission-critical services and quickly restore the business to full operation. Maintaining vital activities during a crisis and recovering with as little downtime as possible are two of the most basic requirements for ensuring company continuity. This business continuity plan considers many unanticipated situations, such as fires, disease outbreaks, natural catastrophes, cyberattacks, and other external threats. Business continuity is essential at a time when downtime is unacceptable. Extreme weather events and cyberattacks are two examples of the many factors that might cause downtime. Therefore, it's crucial to have a business continuity strategy to cope with unexpected operational interruptions. This business continuity plan will allow the business to continue operating, if not fully, then at least partially. This continuity strategy will also help the company maintain its ability to bounce back fast after a disruption. This way, the company will save money, time, and reputation.

Outcome

This business continuity plan is meant to achieve many goals, among them:

i. Reduce monetary risk
One of the goals of this business continuity plan is to cut down on the amount of commercial and financial risk. The company can reduce the chance of a data breach, substantial power or data loss, or system failures, for example, by establishing a more resilient network or applying the right backup processes and procedures (Fani & Subriadi, 2019). It is possible to avoid the financial consequences of such occurrences, even the more insignificant ones, by implementing an effective business continuity plan. This will allow the company to better protect its customers' information.

ii. Provide valuable business data
This business continuity plan is anticipated to generate a ton of data, including crucial activities, business units, recovery time goals, and interruption financial impacts. It's like having an encyclopedia full of useful information on business operations. Thereafter, the firm will utilize its data to develop strategic initiatives to advance the business and enhance its processes.

iii. Build confidence among customers
By being open and honest with their clients about their continuing business continuity initiatives, Pi-Fillings Electronics will be able to convey a very potent message that they are putting the necessary components in place to be available to them at all times. Customers and outside parties with whom they do business are also more confident in the organization because of its strong commitment to business continuity.

iv. Preserve reputation and brand value
If a disruption occurs, businesses that aren't ready to manage it run the danger of being unprepared for the public, making the wrong decisions about what to do next, and managing communication poorly. Fortunately, the recovery will be smooth thanks to Pi-Fillings Electronics' strategy, which protects the enviable reputation and carefully cultivated brand value.

Plan objectives

i. Identify Disaster Recovery Personnel
One of the objectives of this Business Continuity Plan is to identify candidates for positions on the disaster recovery team. Within the business continuity plan framework, one of the most important roles to perform is that of the crisis management coordinator (Kumar, 2020). This person has been entrusted with the authority to make decisions and the responsibility of initiating the recovery plan processes and supervising the restoration of business activity.

ii. Assess Risks and Impact
One of the most important objectives of establishing this BCP is to conduct a risk assessment to locate the myriad of internal and external risks that might affect the functioning of the business. The risk assessment findings will be included in a business impact analysis, which will be used to identify the several types of disasters that might impact the organization and determine the severity of each potential outcome.

iii. Provide the Step-by-Step Protocols
The other additional objective of this plan is to provide the specific actions that need to be followed to help with the recovery process. When a disaster strikes, members of the staff probably won't be able to recollect the specific steps that need to be taken (Schätter et al., 2019). The disaster teams ought to have a general idea, but if they need more detailed instructions, they may go to the text and carry out the actions precisely the same way they are outlined there.

iv. Identify Back-up Resources
Teams in charge of recovery need to be knowledgeable about the most effective places, techniques, and resources. The BCP will include either the availability of alternative office space or the procedures necessary to locate a new safe site during the disaster. In addition, it will consider the availability of physical backup resources such as workstations and equipment.

Key staff

One of the first steps in developing a robust strategy for continuing corporate operations is determining and assessing the significance of various roles and responsibilities. In other words, what exactly does each job entail, and is there a general agreement among all involved parties on the goals and responsibilities of each position? At Pi-Fillings Electronics, key staff and their responsibilities will include the following:

i. Risk manager
The risk manager's role will be to delegate particular duties and monitor the plan's visibility at the strategy level.

ii. Executive sponsor
The executive sponsor will have direct authority over the continuity planning program and his duties as chairman of the business continuity steering group. He will advocate for the program inside the organization and oversee the day-to-day administration of the tactical aspects of business continuity planning activities.

iii. Continuity program manager
The continuity plan manager will be directly responsible for the day-to-day operations, duties, and reporting related to the program (Kumar, 2020). When it comes time for business unit executives and continuity planners to build their continuity plans, he will be in charge of supervising and establishing the programmatic standards that will serve as a roadmap for them.

iv. Business continuity planner
This team member will be responsible for delegating duties related to business continuity planning to internal team members. Using his expertise and previous experience in the relevant field, he will develop a continuity strategy for the particular business unit in question.

v. HR manager
This team member is in charge of all efforts, including those individuals whose lives have been affected by the occurrence (workforce, visitors, contractors, and other people). The team allocated to him will be responsible for providing first aid to the wounded, evacuating personnel, and maintaining contact with emergency services and personnel families.

vi. Business leader
This team member will be in charge of any tasks involving collaboration with external infrastructures, such as managing alternate routes and suppliers. He will be in charge of getting in touch with people in charge of internal infrastructure recovery.

Communicating with staff

In this case, the communication plan will entail two major aspects: consistency and timeliness. It will be easier to ensure everyone has the same goals and viewpoints if communication is consistent. Multiple people may sometimes share information; thus, these specifics must be consistent across all channels. Information shall be communicated in a voice that is unified and consistent. It's easy to miscommunicate and be misunderstood in an emergency, so maintaining a consistent message across all authorities, stakeholders, and media platforms can assist in reducing these issues (Alharthi & Khalifa, 2019). Repeated communications will also reinforce earlier signals, reducing the likelihood of misunderstanding. Messages and updates that are delayed for an extended period might lead to false assumptions and rash decisions. Therefore, even if the messaging is repetitious, sending out plenty of messages will be crucial for reassuring recipients and establishing a timeline for releasing fresh information and updates.

The organization will rely on social media, phone calls, and text messages when it comes to primary communication channels. Social media will allow staff located far from the vicinity to confirm their safety and check to see if their loved ones have done the same. The organization will also use social media to update people on the emergency's progress. While certain crises won't affect the employee's neighborhood, they could impact the business's physical location. In any event, social media is a fantastic tool for communication.

The other communication channel is phone calls. When access to a landline or other electronic device is restricted or nonexistent, having a mobile phone might be a lifesaver. A mobile phone could function even if internet connectivity is unavailable, depending on the technology used. This way, the organization can alert its staff about the current situation and where they can seek refuge.

The other channel is text messages. During a snowfall, warning workers to drive carefully or work from home through text messaging can save fatalities and thousands of dollars in property damage. In this scenario, the company will put up a system to automatically text an emergency message to every employee's number stored in a database, ensuring that the information reaches the phone in the employee's pocket or handbag (Moşteanu & Roxana, 2020). During the disaster, every employee will be availed of the right information to plan their safety. In addition, the organization will not restrict anyone from speaking to the media since it is within their rights, and their communication could save lives.

Equipment

Depending on the magnitude of the disaster, employees may or may not be expected to work from their laptops or phones. For instance, if the disaster is a serious one, say a tornado, earthquake, or fire, employees will be advised to take refuge and not to work at the moment. However, if the disaster is minor, such as a low flood or a low-level storm, employees will be expected to work from home using their laptops and phones.

When it comes to disaster equipment and distribution, the organization will have a large selection of disaster kits to serve employees' needs. Having an emergency pack prepared before a crisis will also be crucial. Employees may not have time to look for the necessary materials if the company has to evacuate at the last minute. Therefore, the organization will stay ready with the ideal equipment for everyone. A disaster pack will include supplies for lights, food and water, solar blankets, first aid and CPR, hygienic necessities, and more. All equipment will be shared equally among the employees without discriminating against others based on superiority, fame, department, race, or religion. This will ensure that everyone, particularly during difficult times, feels like a team member.

Since lives are at risk and it may take a while for help to come in most crisis scenarios, it is up to the organization to maintain control and take appropriate action. Therefore, the company will have search and rescue kits that include items for personal protection, equipment for getting in and clearing debris, emergency hand tools, and other emergency supplies.

Scenario 1

| Action | Details | Responsible Person(s) |
|---|---|---|
| Building evacuation | Adhere to standard fire drill protocol. | Department managers |
| Verify the incident | If true alarm, take necessary action | Department managers |
| Emergency services | 999 | Department managers |
| Alert staff | Inform staff as they wait for further instructions | Department managers |
| Assess impact | Responsible members should assess the scale of the incident | Department managers |

Business continuity

| Critical activity | Details | Responsible Person(s) |
|---|---|---|
| Phones | Employees to use cell phones to contact others. | All staff |
| Inform insurance company | Contact them using their landline | Line manager |
| Internet | All employees are to use home internet | All staff |
| Inform customers | Contact customers and inform them about the disruption | Marketing Manager |

Scenario 2

| Infrastructure | Details | Responsible Person(s) |
|---|---|---|
| Phones | Contact providers to assess the outage. | Line manager |
| Internet | Contact providers to assess the outage. | Line manager |
| Mains Power | Contact providers to assess the outage | Line manager |

Business continuity

| Critical activity | Details | Responsible Person(s) |
|---|---|---|
| Phones | Employees are to use cell phones to contact providers. | All staff |
| Internet | Employees to use the internet to contact providers. | All staff |
| Mains Power | Employees are to contact power providers to assess the outage. | All staff |

Scenario 3

| Critical activity | Details | Responsible Person(s) |
|---|---|---|
| Identify compatible staff | Every employee should be surrounded by teammates who can carry out their duties, even if only partially. | All staff |
| Assess the extent of loss | Determine if the impacted employee's absence is most likely to be brief, extended, or permanent. | Line manager |

Recovery phase

| Action | Details | Responsible Person(s) |
|---|---|---|
| Plan recovery actions | Agreed-upon activities will be specified in an action plan | Line manager |
| Publicize normal operations | Through communication channels, let consumers know that business is as usual. | Department managers |
| 5. Review the Continuity Plan | Update this strategy and put improved suggestions into practice. Make sure everyone on staff has reviewed the updated version of the plan. | Line managers |

References

Alharthi, M. N. A. N., & Khalifa, G. S. (2019). Business continuity management and crisis leadership: an approach to re-engineer crisis performance within Abu Dhabi Governmental entities. International Journal on Emerging Technologies, 10(2), 32-40.
Fani, S. V., & Subriadi, A. P. (2019). Business continuity plan: examining of multi-usable framework. Procedia Computer Science, 161, 275-282.
Kumar, A. (2020). Business continuity plan. South Asian Journal of Engineering and Technology, 10(2), 1-4.
Moşteanu, D., & Roxana, N. (2020). Management of disaster and business continuity in a digital world. International Journal of Management, 11(4).
Schätter, F., Hansen, O., Wiens, M., & Schultmann, F. (2019). A decision support methodology for a disaster-caused business continuity management. Decision Support Systems, 118, 10-20.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Business Continuity Plan
Introduction
Since information technology and communication systems are intertwined, many
firms must ensure they can continue functioning during a disruption. This paper will examine
the telecommunications sector, explicitly addressing threats, remedies, and contingency
considerations, describing different types of interruptions in more detail, making plans for
unforeseen events, and recovering. Additionally, this study elaborates on how to apply
security measures. Advising strategies for network infrastructure security is very important
because it is the foundation of modern communications systems (Kadam, 2017).
Business Continuity
The goal of business continuity is to proactively establish a solid execution strategy to
help reduce exposure and lessen the harm caused by catastrophes, whether manufactured or
natural. These occurrences could be unplanned, external, internal, accidental, or purposeful.
Various standards, techniques, and best practices are most suitable to facilitate the planning
and implementation of the business continuity and disaster recovery plan. The fundamental
goal of business continuity planning is to assist a company in becoming ready for service
interruptions brought on by an incident. A business continuity assessment aims to review an
organization's current security posture by locating key elements, vulnerabilities, and
readiness issues within its systems. In the event of an occurrence, organizations must have a
plan to continue operating. This can be accomplished if organizational planning is successful
and flexible enough to change to safeguard its infrastructure (Haidzir et al., 2018).
Planning for business continuity differs from ordinary contingency planning regarding
telecommunications services like Avisitel and AT&T. This preparation deals with
telecommunications systems in the worst possible situations. Many people place high
importance on communication because it is essential to any business's everyday operations.
Operations, profitability, and security can all be adversely impacted by disruptions to this part
of the firm. Communication system contingency planning necessitates understanding these
systems' great sensitivity, even to minor occurrences like local adverse weather. Disaster
recovery planning is also a part of business continuity planning for these systems to aid in
reestablishing contacts with stakeholders, customers, and workers, as well as sensitive data. It
strives to plan objectively for disruptions and recovery while identifying its essential
components. The most important features are physical customer sites, server locations, and a
telecommunications system's LAN and WAN (Kadam, 2017). The objectives of business
continuity planning are as follows:
a) In times of anarchy, act as a leader and give guidance
b) Reduce any possible monetary loss, equipment damage, or data loss
c) Covers the situation where operations are interrupted
Federal Standards Compliance
The National Institute of Science and Technology sets rules and regulations. In the
context of the federal government, they support implementing federal laws and regulations.
They ensure that the Federal Information Security Management Act (FISMA) is followed,
safeguarding residents' privacy rights. This law aims to keep information protection
initiatives affordable. Other rules and regulations, like the NIST federal information
processing standards, are established by several different organizations. These were
developed by people who were nominated by the government and are enforceable by all
federal agencies. These provide the benchmarks for all entities and call for adherence to the
outlined norms (Muflihah & Subriadi, 2019).
Planning for Continuity Considerations
Information systems frequently change during the software development
life cycle phase due to changes in business and operational needs and rules (Kassema, 2019).
Given that these modifications often occur, it is imperative to define the SDLC phase. The
appropriate person should monitor how these needs and alterations are managed. Freshly
assigned contingency roles must be added to an updated plan along with newly documented
new information. Continuous monitoring is advised to aid a strategy's effectiveness, creation,
and maintenance. The approach employed for the SDLC model will also differentiate other
aspects. The program must be continuously monitored throughout the SDLC process. It is
necessary to assess each method, report, and action plan for compliance, correctness, and
adherence to the needs of the present business (Haidzir et al., 2018). The strategies should
cover the following:
i. Operational requirements and needs
ii. Off-site facilities will have security needs and risks
iii. Technical guidelines and the timetable for plan implementation, as well as details on crucial
iv. Documents, private information, and backups
v. Inventory and thorough data on all equipment, software, and other equipment
vi. Roles and responsibilities assigned to team members, and their contact information
Telecommunications System Threats
Networks used for telecommunications systems, in particular, confront numerous
security issues. Data, internet, audio, and video are a few information exchange techniques
that make up the communication infrastructure. The network is most dangerous since it is
open to certain attacks. Some attacks include denial of service, integrity breaches, and altered
service confidentiality. Network security should come first when creating a contingency and
recovery plan for a firm in this sector (Muflihah & Subriadi, 2019).
Evaluating the interruption
It is necessary to evaluate the type and scope of the damages or disruption to determine
whether an incident, specifically a cyber-attack, occurred. This helps to launch any existing
disaster contingency measures further. The extent of the interruption and any imminent safety
risks must be rapidly determined through the outage evaluation. This group must have been
formed beforehand to enable swift action in the case of an emergency (Haidzir et al., 2018).
It's essential to gather the following details:
i. Evaluating any possible future harm or interruptions, as well as the cause of the
outage or disturbance
ii. Obtaining information on the present state of every element of the physical
infrastructure, including the electrical, heating, and air-conditioning systems, and the
telecommunications system

iii...

