The plan needs to be developed by a team representing all functional areas of the organization. If the organization is large enough, a formal project should be established, which must have approval and support from the very top of the enterprise.
The first step on the path to assurance is taking that first step. Failing to take it, or taking it in a half hearted manner, could have dire consequences.
One of the first tasks to be undertaken is to prepare a comprehensive list of the potentially serious incidents that could affect the normal operations of the business. This list should include all possible incidents no matter how remote the likelihood of their occurrence.
Against each item listed the project team or manager should note a probability rating. Each incident should also be rated for potential impact severity level. From this information, it will become much easier to frame the plan in the context of the real needs of the organization.
SUPPORTING TOOLS & PRODUCTS Almost synonymous with the term 'security risk analysis', COBRA is used by countless enterprises and many governments across the world. Quite simply, it is a tool used to make what can be a complex methodology, as simple as possible.
It's link with disaster recovery and business continuity is that it is built to perform the above tasks... which are formally called business impact analysis and risk analysis.
Once the assessment stage has been completed, the structure of the plan itself can be established. The plan will contain a range of milestones to move the organization from its disrupted status towards a return to normal operations and normal business.
The first important milestone is the process which deals with the immediate aftermath of the disaster. This may involve the emergency services or other specialists, who are trained to deal with extreme situations and circumstances.
The next stage is to determine which critical business functions need to be resumed and in what order. The plan will, of necessity, be detailed, and will identify the key individuals who should be familiar with their duties under the plan.
SUPPORTING TOOLS & PRODUCTS FOR PLAN DEVELOPMENT
The BCP Generator provides a straight forward way of creating a comprehensive contingency and disaster recovery plan. It comprises a top quality contingency guide and a an easy to use business continuity plan template.
The tool was created by leading industry figures, enabling a fully functional plan to be created with minimum of fuss. This for us is a major strength - plan development should not be rocket science.
The plan must be tested by those who would undertake those activities if the situation being tested occurred in reality. The test procedures should be fully documented and the results recorded. This is important to ensure that objective feedback is obtained for fine tuning the Plan.
Equally, it is important to audit both the plan itself, and the contingency and back up arrangements supporting it. No short cut could be made here at all.
SUPPORTING TOOLS & PRODUCTS FOR CHECKING & TESTING The Disaster Recovery Toolkit is a collection of contingency review and audit items and documents. It consists of: a contingency audit questionnaire; a checklist, framework and action list for contingency planning; an audit questionnaire for your the plan; a dependency analysis document (questions and guidence); a business impact analysis questionnaire.
The toolkit is basically designed to help you perform a full audit and check of your contingency situation and practises. Again, for us, its simplicty is a major plus.
Again, it is important that all personnel take contingency planning seriously, even if the events which would trigger the plan seem remote and unlikely. Obtain feedback from staff in order to ensure that responsibilities and duties are fully understood, particularly those which require close dependency on actions being taken by others
Someone must be assigned responsibility for ensuring that the plan is maintained and updated regularly. It is important to ensure that information concerning changes to the business process are properly communicated.
Any changes or amendments made to the plan must be fully tested. Relevant personnel should also be kept abreast of such changes in so far as they affect their duties and responsibilities.
你可以使用这个链接引用该篇文章 http://publishblog.blogchina.com/blog/tb.b?diaryID=4987515