...JIT2 Task 1 Part B ManIT, LLC Business Continuity Plan The information below is a Business Continuity Plan for ManIT, LLC to follow in the possible aftermath of a disaster causing major disruptions to the business. Preparation, response, and recovery from a disaster affecting the operations of ManIT, LLC, requires the full efforts of multiple personnel in many different departments. If such of an event does happen, this plan could be followed and monitored by the Continuity Management Team within ManIT, LLC. The Business Continuity Plan gives the responsibilities of the Continuity Management Team, where their goal is to make procedures that will help with the ManIT, LLC business functions. If such an event or disaster that does affect any functional area of the business, the Continuity Management Team would be there to facilitate all of the areas affected by the event or disaster and personnel involved. This team should include other smaller groups that would entail operations and communication, and damage assessment with each role of the groups to be defined whenever a major business disruption occurs. The leader of the Continuity Management Team will be a Coordinator and would be the central point of contact for all execution of plans. B1. Strategic Changes There are many changes that ManIT, LLC should implement to ensure that operations should continue should a disruption occur. In recent year, the Department of Homeland Security recommended...
Words: 2086 - Pages: 9
...Outline of ISO/IEC 27002:2005 Prepared for the international community of ISO27k implementers at ISO27001security.com Version 1 28th November 2007 0 INTRODUCTION 0.1 WHAT IS INFORMATION SECURITY? 0.2 WHY INFORMATION SECURITY IS NEEDED? 0.3 HOW TO ESTABLISH SECURITY REQUIREMENTS 0.4 ASSESSING SECURITY RISKS 0.5 SELECTING CONTROLS 0.6 INFORMATION SECURITY STARTING POINT Information security is defined as the preservation of confidentiality, integrity and availability of information … Information security is defined as the preservation of confidentiality, integrity and availability of information … 0.7 CRITICAL SUCCESS FACTORS 0.8 DEVELOPING YOUR OWN GUIDELINES 1 SCOPE 2 TERMS AND DEFINITIONS 3 STRUCTURE OF THIS STANDARD 3.1 CLAUSES Security controls directly address risks to the organization, therefore risk analysis is a starting point for designing controls. Security controls directly address risks to the organization, therefore risk analysis is a starting point for designing controls. 3.2 MAIN SECURITY CATEGORIES 4 RISK ASSESSMENT AND TREATMENT 4.1 ASSESSING SECURITY RISKS Information security policies, standards, procedures and guidelines drive risk management, security and control requirements throughout the organization Information security policies, standards, procedures and guidelines drive risk management, security and control requirements throughout the organization 4.2 TREATING SECURITY RISKS 5 SECURITY POLICY 5.1...
Words: 1623 - Pages: 7
...Abstract This paper will include creation of a business continuity plan for Red Circle that addresses any pre-incident changes the company can do to minimize and mitigate risk. The companies’ use and protection of sensitive data will be analyzed. The companies’ use and protection of member information will be analyzed. Discussion of the communication plan to be used during and following the disruption will be explained. Lastly steps on how the companies operations will be restored after the disruption will be discussed. Business Continuity Plan Red Circle is a non-for-profit health insurance company located in Minnesota. Red Circle serves members in commercial and government lines of business. The company has three office campuses located in Eagan, Minnesota. These locations are within 1 mile of each other. The company also has a location about 4 hours north of these locations, which houses customer service operations and claims processing employees. Pre-incident changes A well thought out and planned business continuity plan is a necessity to keep a business operational if a disaster should strike the company. Red Circle can be prepared for any disaster by having a business continuity plan in place with trained staff on how to implement the plan, if disaster or disruption occurs. Annually the business continuity plan should be reviewed for accuracy and updates. Since Red Circle is located in the Midwest region, which is prone to tornadoes, the company...
Words: 3224 - Pages: 13
...SUBDOMAINS: 325.3 SOLVING PROBLEMS & MAKING DECISIONS 326.3 EVALUATING ECONOMICS OF MANAGEMENT DECISIONS 326.4 MANAGING ENTERPRISE RISK & CONTINUITY 329.5 USING INFORMATION SYSTEMS FOR COMPETITIVE ADVANTAGE Competencies: 325.3.4: Problem Solving The graduate applies the problem solving process to solve organizational and team problems, and develops strategies to avoid decisionmaking pitfalls. 326.3.1: Decision Analysis The graduate analyzes risks and values and uses a variety of decision analysis tools and decision theory to evaluate alternatives during decisionmaking processes. 326.4.1: Enterprise Continuity The graduate analyzes enterprise continuity plans and the continuity planning process to ensure the inclusion of essential elements, processes, and stakeholder roles. 326.4.2: Continuity and the Global Marketplace The graduate applies international standards to company operations and assesses and recommends strategies for maintaining organizational stability and continuity in the global marketplace. 326.4.3: Contingency Planning The graduate develops and analyzes organizational contingency plans for responding to sudden and rapid environmental changes. 326.4.4 Risk Evaluation and Mitigation The graduate evaluates internal and external risks and recommends risk mitigation strategies and techniques to an organization. 326.4.5: Organizational Risk Management Programs The graduate develops and assesses enterprise risk manage...
Words: 923 - Pages: 4
...Business Continuity Planning There are a few different definitions of Business Continuity Planning. Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation. Business continuity plan is a collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster. Whatever the definition, every business needs to have a continuity plan in case something happens to their data and information. A business continuity plan is different to a Disaster Recovery plan in that a disaster recovery plan is enacted after the disaster has happened. “A typical Business continuity plan includes: * Plans, measures and arrangements to ensure the continuous delivery of critical services and products, which permits the organization to recover its facility, data and assets. * Identification of necessary resources to support business continuity, including personnel, information, equipment, financial allocations, legal counsel, infrastructure protection and accommodations.”1 Business continuity planning needs to cover the company during a disruption in service from a disaster. The plan should cover all of the following such events: a. Equipment malfunction b. Disruption of power c. Application failure or corruption of the database d. Human error, sabotage or strike e. Malicious software f. Hacking ...
Words: 678 - Pages: 3
...Aero Business Contingency Plan The risk register that was created for Aero identified eight risks that could affect the completion of Aero’s IT security software product that two of its developers are working on. The register identifies these risks and notes the responses that Aero should handle in order to lower the damage done to the company’s finances, relationships and employee wellbeing. This product and its release to US government agencies as well as international businesses is essential to Aero’s budget forecasts for the next year. The two developers who are working on the software live in the DC area and need constant communication as well as access to the internet to conduct coding of the software. Because they are both in the same location, it would be wise for Aero to establish a business contingency plan, or BCP. Should a natural disaster occur, Aero’s employees on the project as well as its US government based customers would be greatly affected. A BCP will address continuity of business and Aero growth in the event of a natural disaster. The areas of business continuity to be analyzed are • Pre-incident adjustments • Ethical use and protection of sensitive data • Ethical use and protection of customer data • Communication plan • Post-incident continuity Pre-Incident Adjustments The following functions are necessary for Aero to finish the coding of their software and release it on time, selling it to government entities. • Two developers...
Words: 1536 - Pages: 7
...Example: Quality Coffee A2. Risk Register/Sources Risk | Description | Owner | Source | Likelihood of Occurrence* | Severity of Impact* | Controllability* | Equipment | Failure to procure equipment on a timely manner | Procurement | Contract | High | High | Medium | Theft | Failure by management to properly supervise POS | Legal | Criminal | High | Medium | High | Taxation | Increased taxation on foreign imports | Finance Contacts | Economic | Medium | Medium | Medium | Natural Disaster | Disruption to utilities/services essential for conducting business | Corporate | Natural | Medium | High | Low | Terrorism | Disruption in the supply chain resulting in product shortages | Supply Chain Management | Political | Low | High | Low | Land Use | Restrictive local codes requiring additional permits | Legal | Planning | Low | High | Medium | Increased Competition | Lower than expected sales from aggressive local competitors | Marketing | Market | Medium | Medium | Medium | Quality Control Issues | Reduced quality of products due to poor training | HR | Project | Medium | High | High | A1. Risk from Global Marketplace Activity One risk that emanates from an aspect of the company’s global marketplace activities is the risk of natural disaster. Measures should be taken to ensure that the effect from supply interruption, resulting from a natural disaster, is curtailed. Natural disasters can significantly impact the company in the form of shortages and price...
Words: 2606 - Pages: 11
...next order of business would be to organize, develop and administer a preparedness program that should include training, procedures, etc. With EPLAN, the main pieces for a disaster program would be around data. This company data is its key. This does not just contain customer data, but each individual’s data and their work needs to be backed up. Also they will need a plan for backing up all human resources filing and information, billing and finance and marketing data. First steps would be for the team to assemble a list of what are some of the hazards and assess the risks of losing this data. Second they would need to conduct an impact analysis plan to see if this will hurt the business. Third examine ways to prevent hazards from happening. With a company such as EPLAN, the team would evaluate all data and where the data is housed. Some servers are currently overseas but most data is stored in the office of Farmington Hills, MI. The server room is not protected by any Fire protection walls. The company data for employees are on their computers and are currently not being backed up onto the server as most of the employees work from home. The only employees that are backed up on the server are out of the Farmington Hills office. This office is where the Finance and human resource departments are located. So all of the electronic documentation is housed on the in house server but there currently they do not have a data warehouse to back up this data. All marketing...
Words: 2318 - Pages: 10
...Richman Investments Business Continuity Plan Implementation Planning By Quentin Ward Introduction Richman Investments is emerging as one of the top e-commerce businesses. In order to better protect our great company I have created a BCP or Business Continuity Plan to be able to offset any problems that may arise and threaten our company’s functions and activities. Included in this BCP will be a BIA (Business Impact Analysis) and a RA (Risk Analysis). Overview 1.1 Policy Statement It is the policy of Richman Investments to always have a Business Continuity Plan in place for all non-critical and critical functions. To ensure that the BCP is implemented each department manager is asked to see to it that the plan is carried through. 1.2 Introduction This is a Business Continuity Plan for Richman Investments located at 834 Harrison Lane Beverley Hills, CA 90210. It has been developed in compliance with the National Fire Protection Association (NFPA) Standard 1600. This plan was created in order to aid Richman Investments in any type of recovery effort needed. Employees should read and adhere in conjunction to the Business Continuity Plan to ensure their safety and the company’s well being. 1.3 Confidentiality Statement This document is classified as confidential property of Richman Investments. The sensitivity of the information contained in this document is only intended for the viewing and use of Richman Investment employees. Unauthorized use...
Words: 794 - Pages: 4
...Risk Management (JIT2) ------------------------------------------------- Business Contingency Plan – Petley Tea Petley Tea is a Global distributor of the finest tea leaves with a reputation for quality products, best customer service, and a reputation for one of finest companies to work for. Without a Business Contingency Plan this would not be possible, so we have developed a BCP to set a standard for operations. The purpose of this Business Continuity Plan is to provide general direction to ensure the execution of essential functions for Petley Tea in the event a disaster cripples or disables operations. It is imperative any organization plan for disaster, no matter how small or large the scale. The purpose of this plan is to address fundamentals necessary to provide stability of services during emergencies/disasters. The plan’s intent is to provide detailed procedures required to implement management’s requirements and an expeditious response to disasters/emergencies compromising or halting day to day operations. This will be imperative if prompt recovery of daily operations can’t be accomplished by implementing normal day to day operations. This BCP will explore the protection and ethical use of Petley Tea’s sensitive corporate data and customer records. It will provide a detailed communication plan to be followed during the event of an emergency/disaster. As well as, details on restoring operations following an emergency/disaster. I. Pre-Incident Changes...
Words: 2792 - Pages: 12
...solutions which could be used by a business as part of its recovery during disaster recovery or business continuity operations. You may focus upon the incident reported upon in your cybersecurity research paper OR you may take a more general approach. Your research will then be used to prepare a presentation (Power Point slides) in which you discuss how your selected solutions could be used to address cybersecurity problems specific to DR / BCP operations. Your presentation must also address the importance of disaster recovery planning and/or business continuity planning with respect to maintaining the confidentiality, integrity, and availability of information and information systems. Consult the grading rubric for specific content and formatting requirements for this assignment. The focus of your research for this assignment should be DR / BCP technology solutions for response and recovery after a cyber security incident of sufficient duration and impact to require activation of the organization’s Disaster Recovery and/or Business Continuity Plan. Suggested technology solutions include: * General DR/BCP Services * Palindrome http://www.youtube.com/watch?v=d60m6hUpgvs * Data Backup Solutions * Acronis http://www.acronis.com/solutions/smallbusiness/ * Cloud Computing (Infrastructure as a Service, Software as a Service, Platform as a Service) * VMWare http://www.vmware.com/solutions/datacenter/business-continuity/disaster-recovery.html ...
Words: 646 - Pages: 3
...throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance gone bad | Acceptable use Policy | Fire destroys primary data center | Disaster Recovery Policy | Communication circuit outages | Asset management Policy | Workstation OS has a known software vulnerability | Threat Assessment & Management Policy | Unauthorized access to...
Words: 1625 - Pages: 7
...Risk Management: Task 1C Dave Christian Western Governors University Author Note Research conducted by Dave Christian, College of Business, Western Governors University. Dave Christian is now founder at Helpology. This paper is referenced as an American Psychological Association (APA) research paper template available for free, worldwide use at Helpology (helpology.org) categorized under: Helpology Lifelist/Respect/Writing/FREE Helpology APA. Correspondence concerning this paper should be addressed to Dave Christian, Founder, Helpology, 2340 E. University Dr., Lot 85, Tempe, AZ 85281; Phone: (480) 331-9631; Email: Mr.Dave.Christian@gmail.com; Web site: helpology.org. Risk Management: Task 1C Austrian psychologist Viktor E. Frankl (n.d.) said, "Everyone has his own specific vocation or mission in life; everyone must carry out a concrete assignment that demands fulfillment. Therein he cannot be replaced, nor can his life be repeated, thus, everyone's task is unique as his specific opportunity to implement it." As a newly hired consultant, we have been tasked with the duties of creating and presenting a risk management/business contingency plan for our first client. The legal department and the IT department have both expressed concerns regarding the ethical use and protection of sensitive data, customer records, and other information systems content. In the interest of creating confidence and job satisfaction in this new position, our new employer has decided...
Words: 1022 - Pages: 5
...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University 1 RUNNING HEAD: BUSINESS CONTINUITY PLAN 2 Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are: Governance-Define and align with executive priorities...
Words: 3492 - Pages: 14
...Risk Management- Task 1- Hoke Enterprises, Inc. Tara Johnson A. 2. Risk Description Source Likelihood of Occurrence* Severity of Impact* Controllability* 1. Customer Changes to the brief and/or scope of work contract Low High medium 2. equipment Failure to order on time resources Low High High 3. Interruption to Supply Location to major suppliers must be identified in relation to season, geographic area, & natural disaster. organization high medium medium 4. design Movement of existing structure natural Low Medium medium 5. bid price May be higher than budget allowance. contract low High high 6. financing Failure to secure sufficient revenue to meet operating costs. Economical Low High medium 7. Skill shortage Meeting balance between skilled workforce & demand. social Very high high high 8. licensing To avoid conflicts with community & maintain good reputation in environmental, health, & safety. legislative high high high 3. Risk levels- These should be categorized by the probability of the occurrence and its uncertain impact. The requirements per scalability levels should be set at minimum requirements. The project team may choose to work at a higher scalability level than required or work at a lower level. However, the project team should consider other factors to determine what level of risk management effort is needed. These factors may include: (1) political sensitivity, (2) the type of the project, (3) location of the project and the...
Words: 2111 - Pages: 9
