Understanding and Evaluating Process Development


Disaster recovery for systems typically focuses on making alternative processes and resources available for transaction processing. A disaster recovery plan (DRP) should reduce both the time needed for recovery and the costs associated with recovery. Proper planning will mitigate the risk and impact of a major business interruption. Although a DRP increases pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. A disaster can be classified as a disruption that causes critical information resources to be inoperative for a period of time, adversely affecting business operations.

Business continuity plans (BCPs) are the result of a planning process that ensures critical business functions can withstand a variety of emergencies. Disaster recovery plans deal with the immediate restoration of the organization's business systems, whereas the business continuity plan also deals with the long-term issues before, during, and after the disaster. The BCP should include getting employees to the appropriate facilities; communicating with the public, partners, and customers; and making the transition from emergency recovery back to normal operations. The DRP is a part of the BCP and is the responsibility of senior management.

A disaster can be caused by naturally occurring events such as floods, tornadoes, fire, or earthquakes, but it can include anything that causes disruption to information processing. Other types of disasters include loss of electrical power or telecommunications, or direct or indirect attacks on the organization's systems or facilities (such as a terrorist attack or hacking). These are the attributes of a disaster:

  • Unplanned and unanticipated

  • Impacts critical business functions

  • Has the capacity for significant loss

According to the United Nations' International Decade for Natural Disaster Reduction, natural disasters kill one million people around the world each decade and leave millions more homeless each year. In addition, economic damages from natural disasters have tripled in the past 30 years, rising from $40 billion in the 1960s to $120 billion in the 1980s. In the past year, more than a dozen worldwide disasters have caused billion-dollar losses. Table 5.1 provides a snapshot of the costs resulting from natural disasters from 1983 to 1994.

Table 5.1. Costs of Natural Disasters from 1983 to 1994

Disaster                                  Cost
Hurricane Alicia (USA, 1983)              $1.65 billion
Winter storm Herta (Europe, 1990)         $1.90 billion
Forest fire (USA, 1991)                   $2 billion
Winter storm Wiebke (Europe, 1990)        $2.25 billion
Hurricane Iniki (Hawaii, 1992)            $3.00 billion
Winter storm Vivian (Europe, 1990)        $3.25 billion
Winter gale (Western Europe, 1987)        $3.70 billion
Blizzard (USA, 1993)                      $5.00 billion
Typhoon Mireille (Japan, 1991)            $6.00 billion
Winter storm Daria (Europe, 1990)         $6.80 billion
Hurricane Hugo (USA, Caribbean, 1989)     $9.00 billion
Floods (USA, 1993)                        $12.00 billion
Northridge Earthquake (USA, 1994)         $30.00 billion
Hurricane Andrew (USA, 1991)              $30.00 billion

Source: World Health Organization


During the initiation of the business continuity planning process, the BCP team should prepare for a meeting with senior management to define the project goals and objectives, present the project schedule, and review the proposed interview schedule (resources required). In preparation for this meeting, the BCP team should do the following:

  • Review the organizational structure to determine what resources will be assigned to the team

  • Review existing disaster-planning policies, strategies, and procedures

  • Review existing continuity plans

  • Research any events that have occurred previously (severe weather, fires, equipment or facility failures, and so on) and that had or could have a negative effect on the organization

  • Create a draft project schedule and associated documents (timing, resources, interview questionnaires, roles and responsibilities, and so on)

Per ISACA, the business continuity planning process can be divided into the following phases:

  • Analyze the business impact

  • Develop business-recovery strategies

  • Develop a detailed plan

  • Implement the plan

  • Test and maintain the plan

The development of an effective business-continuity plan will take all threats (disasters) into account during development. Some of these threats might affect systems only for minutes or hours, but the plan should include recovery from these events as well. The recovery might be simply restoring data from backups or moving personnel and equipment to a new facility to continue business operations.



Exam Cram 2. CISA
Cisa Exam Cram 2
ISBN: B001EEFNHG
EAN: N/A
Year: 2005
Pages: 146
