CISA Made Easy

                                           - easy CISA preparation

Monday, January 5, 2009

Business Continuity Planning (BCP)– Essential Steps

Disaster can happen anytime to any strong setup. The best way to provide stability is by establishing mechanisms to provide continuity to all critical Operations. This can be achieved by a proper Business Continuity Plan (BCP). Business Continuity Planning is not only very important for CISA examination but equally important for Information Systems/Information Security setup. It is very critical to identify all critical process. Criticality ranking is required.Recovery Process needs to be established and a proper testing system is to be devised.
Following are the essential steps in designing a successful BCP.

1. Business Impact Analysis

In the first phase we define all the critical resources which includes critical procedures, critical process and all the critical people. Remember processes connect procedures and people. Their impact analysis is studied individually and in overall system.

Business Impact analysis involves:

i. Criticality definition

ii. Criticality identification
iii.Individual/Overall Criticality impact
iv.Criticality Ranking.

2. Strategies for recovery

Recovery process are designed which helps in identification, declaration and restoration of important critical resources. Recovery Strategies needs to be devised for :

i. Identification of disaster
ii. Declaration of Disaster
iii.Various Teams development
iv.Backup Planning
v. Restoration Planning
vi.Resource allocation

3. Testing of BCP

Testing can be of following types:

i. Paper test
ii. Full test

Depending upon architecture of the Information System Testing mechanism should be adopted. Ideal situation will be a paper test followed by Full test. For the full test a replica of main setup is needed as Disaster recovery setup.


All of the above steps should be well documented, tested and approved.

5.Involvement of top Management

In my view this is the most crucial step for a successful BCP.

6.Periodic review

Periodic review is very important. BCP should also be reviewed when there is a major change in Information System.

Read More......

Home | | | | |

CISA made Easy - Easy CISA Preparation