Page 245 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Summary
Every organization dependent on technological resources for its
survival should have a comprehensive business continuity plan in
place to ensure the sustained viability of the organization when
unforeseen emergencies take place. There are a number of important
concepts that underlie solid business continuity planning practices,
including project scope and planning, business impact assessment,
continuity planning, and approval and implementation.

Every organization must have plans and procedures in place to help
mitigate the effects a disaster has on continuing operations and to
speed the return to normal operations. To determine the risks that
your business faces and that require mitigation, you must work with a
cross-functional team to conduct a business impact assessment from
both quantitative and qualitative points of view. You must take the
appropriate steps in developing a continuity strategy for your
organization and know what to do to weather future disasters.

Finally, you must create the documentation required to ensure that
your plan is effectively communicated to present and future BCP team
participants. Such documentation should include continuity planning
guidelines. The business continuity plan must also contain statements
of importance, priorities, organizational responsibility, and urgency
and timing. In addition, the documentation should include plans for
risk assessment, acceptance, and mitigation; a vital records program;
emergency-response guidelines; and plans for maintenance and
testing.

Chapter 18 will take this planning to the next step—developing and
implementing a disaster recovery plan that includes the technical
controls required to keep your business running in the face of a
disaster.

