Page 234 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 234
operations facility in Egypt is negligible and would be deemed an
acceptable risk. The risk of a monsoon in New Delhi is serious enough
that it must be mitigated by BCP provisions.
Once the BCP team determines which risks require mitigation and the
level of resources that will be committed to each mitigation task, they
are ready to move on to the provisions and processes phase of
continuity planning.
Provisions and Processes
The provisions and processes phase of continuity planning is the meat
of the entire business continuity plan. In this task, the BCP team
designs the specific procedures and mechanisms that will mitigate the
risks deemed unacceptable during the strategy development stage.
Three categories of assets must be protected through BCP provisions
and processes: people, buildings/facilities, and infrastructure. In the
next three sections, we’ll explore some of the techniques you can use to
safeguard these categories.
People
First, you must ensure that the people within your organization are
safe before, during, and after an emergency. Once you’ve achieved that
goal, you must make provisions to allow your employees to conduct
both their BCP and operational tasks in as normal a manner as
possible given the circumstances.
Don’t lose sight of the fact that people are your most
valuable asset. The safety of people must always come before the
organization’s business goals. Make sure that your business
continuity plan makes adequate provisions for the security of your
employees, customers, suppliers, and any other individuals who
may be affected!
People should be provided with all the resources they need to
complete their assigned tasks. At the same time, if circumstances
dictate that people be present in the workplace for extended periods of
