Page 215 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 215

responsible for the physical safeguarding of the primary facility
                    and alternate processing facility

                    Senior executives and other key individuals essential for the

                    ongoing viability of the organization

               This identification process is critical for two reasons. First, it provides
               the groundwork necessary to help identify potential members of the
               BCP team (see the next section). Second, it provides the foundation for
               the remainder of the BCP process.

               Normally, the business organization analysis is performed by the

               individuals spearheading the BCP effort. This is acceptable, given that
               they normally use the output of the analysis to assist with the selection
               of the remaining BCP team members. However, a thorough review of
               this analysis should be one of the first tasks assigned to the full BCP
               team when it is convened. This step is critical because the individuals
               performing the original analysis may have overlooked critical business
               functions known to BCP team members that represent other parts of

               the organization. If the team were to continue without revising the
               organizational analysis, the entire BCP process might be negatively
               affected, resulting in the development of a plan that does not fully
               address the emergency-response needs of the organization as a whole.




                          When developing a business continuity plan, be sure to

                  account for both your headquarters location and any branch
                  offices. The plan should account for a disaster that occurs at any
                  location where your organization conducts its business.




               BCP Team Selection


               In many organizations, the IT and/or security departments are given
               sole responsibility for BCP, and no arrangements are made for input
               from other operational and support departments. In fact, those
               departments may not even know of the plan’s existence until disaster
               strikes or is imminent. This is a critical flaw! The isolated development
               of a business continuity plan can spell disaster in two ways. First, the
   210   211   212   213   214   215   216   217   218   219   220