Page 242 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 242

backup copies of those records.

               One of the biggest challenges in implementing a vital records program
               is often identifying the vital records in the first place! As many

               organizations transitioned from paper-based to digital workflows, they
               often lost the rigor that existed around creating and maintaining
               formal file structures. Vital records may now be distributed among a
               wide variety of IT systems and cloud services. Some may be stored on
               central servers accessible to groups, whereas others may be located in

               digital repositories assigned to an individual employee.
               If that messy state of affairs sounds like your current reality, you may

               want to begin your vital records program by identifying the records
               that are truly critical to your business. Sit down with functional leaders
               and ask, “If we needed to rebuild the organization today in a
               completely new location without access to any of our computers or
               files, what records would you need?” Asking the question in this way

               forces the team to visualize the actual process of re-creating operations
               and, as they walk through the steps in their minds, will produce an
               inventory of the organization’s vital records. This inventory may
               evolve over time as people remember other important information
               sources, so you should consider using multiple conversations to
               finalize it.

               Once you’ve identified the records that your organization considers

               vital, the next task is a formidable one: find them! You should be able
               to identify the storage locations for each record identified in your vital
               records inventory. Once you’ve completed this task, you can then use
               this vital records inventory to inform the rest of your business
               continuity planning efforts.


               Emergency-Response Guidelines

               The emergency-response guidelines outline the organizational and
               individual responsibilities for immediate response to an emergency

               situation. This document provides the first employees to detect an
               emergency with the steps they should take to activate provisions of the
               BCP that do not automatically activate. These guidelines should
               include the following:
   237   238   239   240   241   242   243   244   245   246   247