Business Continuity and Disaster Recovery Plan: A Case Study Report

Verified

Added on 2020/02/19

AI Summary

This report delves into the establishment and review of a Business Continuity Management (BCM) framework and strategies, focusing on a case study approach. It explores the development of a Business Continuity and Disaster Recovery Plan (BCDRP) to mitigate risks, particularly for companies like IBM. The report outlines key phases, including risk assessment, business impact analysis, strategy development, communication planning, plan testing, and regular reviews. It emphasizes the importance of understanding risks, conducting impact assessments, developing viable strategies, and establishing effective communication channels during crises. The report also highlights the need for continuous monitoring, testing, and updating of the BCM plan to ensure its effectiveness. Furthermore, the report underscores the importance of regulatory compliance, automation of manual processes, and cost-effectiveness in implementing BCM solutions. The conclusion emphasizes the iterative nature of BCM and the importance of expanding boundaries to include supply chain threats and vulnerabilities.

Establish and review the Business Continuity Management Framework and Strategies
Written By:
9/6/2017

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Design and develop a Business Continuity and Disaster Recovery Plan for reducing the
risk of case study
The business continuity plan needs to explore the company that can undertake little
adverse impact of potential disasters. Mainly, the companies like IBM should cover up the
preventive program, which can help in documenting New Zealand airport strategy, which will
include a comprehensive IBM framework, oversight program, and testing program for
making sure that the plan can be reviewed as well as regularly updated. Most companies try
to implement the phased methodology for analysing the vulnerable potential area, explain the
viable strategies and try to apply the business continuity plans (Snedaker, 2013).
A) Know your risks
In this phase, the companies set the complete extent practice, which is forth the
complete goal for IBM effort that validates the planned scope, and undertake process
inventory or either the business units required for the project. It also explores the primary
stakeholders within the process, including the steering committee, executive sponsors and
various other subject matter experts (Sollicito, 2002). It is analysed that this phase set the
parameters and tries to impart proper training about the project methodology and objectives.
It is analysed that stimulating the disaster scenarios is quite challenging for any
company. It includes the challenge of time-consuming for exploring the risks for efficiently
handling the techniques of risk management. The complete risk management process in the
context of IBM involves the movement of small details of the information so that that risk
can be tracked down (Sollicito, 2002). An accurate risk analysis not only try to prepare the
company for getting compliance towards IBM, but it also assists in enhancing the full
efficiency and performance of the enterprise.
B) Conduct a business impact analysis
1

The business impact analysis is considered as the next step that is required for
preparing business continuity plan. This area of the process tries to act as the base for
significant efforts of recovery planning (Doughty, 2000). It also includes every critical
business process and functions, as well as potential threats. Therefore, risks are explored,
prioritized as well as managed; the different areas of failure for the business cover up external
dependencies and the complete business effect of risk and calculation of SPOF. Recovery
point objectives, recovery time objectives, as well as recovery communication objectives are
also explored for every critical business process. This phase is used by IBM for studying the
regulatory needs and standards, which are expected to be followed; along with efforts and
time required for implementing IBM computer system.
IBM comes up with the issues of organizing the fragmented and distributed
information. IBM holds various techniques of risk management as well as internal control
activities for a different purpose, but the same is not coordinated to act as complete. This can
lead towards the inconsistencies and redundancies that might hamper the contingency plan of
an organization (Shah, 2013). Activities of organizing distribution and data are therefore the
highest management challenge, and the same is faced by IBM.
C) Develop continuity strategies to operate your business
Leveraging the data through BIA as well as an assessment of risk, the companies can
determine the functions of business as the mission critical or core, and then they establish the
strategy for managing the risk explored in the process of risk assessment. The frame of
critical time and its effect through BIA are applied for determining the contingency strategies
as most viable. The options of strategies should be satisfied through BIA for undertaking the
response time and cost effectiveness (Hingarh & Ahmed, 2013). Usually, the planners depict
2

the three to four options to the management as the highly cost effective option and provide a
recommendation of the same.
Internal audits of high level are necessary for any company, to comply with the
regulations and then to improve the performance through risk analysis and operational
efficiency. Nevertheless, manual handling of the enormous range of process related to audit
related programs and information, not only try to raise the management activities but also
reduces the level of performance (Hermann, 2015). The critical issue for any company is to
automate the manual process by undertaking the optimum audit management software
solutions that are cost friendly as well as efficient.
D) Identify communication needs
It includes the communication as well as coordination plan. Communication is
referred as something important during a crisis. The coordination and communication plan set
up the channel of communication that can be used during the IBM solution execution, and try
to determine the chain of command for coordinating with IBM solution efforts. It also defines
the contacts of authorized media and includes the procedure of notification for primary
vendors, suppliers, and clients (Henderson, 2016).
E) Be ready to go
It is noted that in the quest to understand, whether the IBM solutions are usable or
viable, and in that planners conduct the functional testing of the application that is mission
critical and personnel for verifying the process of business as expected. Plan testing is
referred as a regulatory requirement. It explains the used methodology for testing the IBM
solutions, by deciding how often it is tested, and even judge the failure and success of the
test. Once the decision is taken about the test methodology, then testing is done for business
continuity plan as the iterative job annually (Mansfield & Antonakos, 2009). Through
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

adhering to the IBM standards is entirely iterative, it needs regular monitoring and testing for
making sure that IBM solutions are operational and updated. It also includes the issues of
monitoring the process of continuous backup, so that failure of backup could be rectified
before it affects the lifecycle of IBM solution.
F) Review your plan
An obsolete program is considered good in comparison to no plan. Most of the
companies try to strive by keeping the business continuity plan updated with the updated as
well as the effective process of recovery. Components related to the recovery point
objectives, recovery time objectives are evaluated, and the same is included in the plan.
Managing and testing of the recovery strategy are referred as consistent with the highest
changes made in the enterprise. Ongoing education is maintained for creating awareness
about the responsibilities, when any emergency comes (Krause, 2006). Following the
standards of IBM is entirely iterative that needs regular monitoring and testing for making
sure that IBM has updated information and is operational. This also includes the issues
related to monitoring the process of ongoing backup, so that failure of backup could be
rectified before it affects the lifecycle of IBM.
It is analysed that organizations are expected to make sure that their business
continuity plan includes all information as per the companies changing requirement. It also
includes the issues related to hiring as well as training the staff over compliance with IBM as
well as functioning skills, so that business doesn't get hamper through any disaster.
Attaining highest through minimum is considered as a basic progressive rule of any
company. The key issue in complying with the regulations of IBM exist in exploring the
business continuity solution that is of high performance and holds lowest cost. The cost
impact is the key issue with IBM because business continuity plan is mainly viewed as the
4

blocked money that offers the return in the very few circumstances (Wallace & Webber,
2010). This includes the challenge, while exploring the system of backup storage and it it's
efficient as well as robust and even cost friendly.
When the data gets the invaluable treasure, one might face the issues of ensuring
optimum information security through safeguarding it through the theft as well as
unauthorized access. It needs the techniques of proper encryption and locks mechanism to
ensure that the information, which is backup is safe, even though is kept at the remote
location (Tipton & Krause, 2007). An organization adopting the conventional manual
handling is vulnerable towards data loss risk.
As per the case, New Zealand airport should make sure about the backup of
information, and they should have understood that it’s not the platform of hardware
dependent. This is a significant technical need and needs to be kept in mind, so that backup
information could be restored whenever it’s needed (Heng, 2009).
Conclusion
The process of business continuity is mainly designed for making sure that companies
efficiently operates when the time is normal and continue when its turbulent time. This
depicts the robust continuity system, which is tested continuously, updated and exercised.
Entities and organizations, which are new in the business usually emphasize over the efforts
within organizational boundaries. With the arrangements of business continuity plan
maturing, the boundaries are expanding and including the threats and vulnerabilities of the
supply chain through the companies activities located closely. This is where the framework of
business continuity breaks down. Nevertheless, it is noted that professional innovators have
started to acknowledge about the significance of comprehending solution provider, such as
MetricStream that supports the organizations in all around the activities that start from
5

planning to implement the strategies of the business continuity plan, within the cycle of
continuous improvement. It also caters to the different needs of a business seamlessly, and
analyze whether the requirement is related to point solution for solving the immediate need or
for planning the program of business continuity.
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
Doughty, K. (2000). Business Continuity Planning: Protecting Your Organization's Life Best
Practices. CRC Press
Henderson, D. M. (2016). Template for Comprehensive Business Continuity Management to
Enhance Your Organization's Resilience, 5th Edition. Rothstein Publishing
Heng, G. M. (2009). A Manager's Guide to Implement Your IT Disaster Recovery Plan.
GMH Continuity Architects
Hermann, J. W. (2015). Engineering Decision Making and Risk Management. John Wiley &
Sons
Hingarh, V. & Ahmed, A. (2013). Understanding and Conducting Information Systems
Auditing + Website. John Wiley & Sons
Krause, M. (2006). Information Security Management Handbook on CD-ROM, 2006 Edition
Volume 27 of (ISC) 2 Press. CRC Press
Mansfield, K. C., & Antonakos, J. L. (2009). Computer Networking for LANS to WANS:
Hardware, Software and Security. Cengage Learning
Shah, H. (2013). Mobile Working: Technologies and Business Strategies. Routledge
Snedaker, S. (2013). Business Continuity and Disaster Recovery Planning for IT
Professionals. Newnes
Sollicito, M. (2002). Business Survival: A Guide to Business Continuity Planning and
Disaster Recovery. Michelle Sollicito
Tipton, H. F., & Krause, M. (2007). Information Security Management Handbook, Sixth
Edition. CRC Press
7

Wallace, M., & Webber, L. (2010). The Disaster Recovery Handbook: A Step-by-Step Plan to
Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets.
AMACOM Div American Mgmt Assn
8