...Audit of Business Continuity Planning (BCP) Final Audit Report Audit and Evaluation Branch June 2006 Tabled and approved by DAEC on January 9, 2007 Audit of Business Continuity Planning (BCP) Industry Canada (IC) TABLE OF CONTENTS 1.0 EXECUTIVE SUMMARY .............................................................................................. 2 1.1 INTRODUCTION ................................................................................................................ 2 1.2 OVERALL ASSESSMENT.................................................................................................... 2 1.3 MAIN FINDINGS, CONCLUSIONS AND RECOMMENDATIONS ............................................. 2 1.3.1 Business Continuity Plan Governance (See Section 3.1 of the BCP Standard) ......... 2 1.3.2 Business Impact Analysis (See Section 3.2 of the BCP Standard).............................. 3 1.3.3 Business Continuity Action Plans and Arrangements (See Section 3.3) .................... 4 1.3.4 BCP Program Readiness (See Section 3.4 of the BCP Standard) .............................. 5 1.3.5 BCP Training and Awareness (See Section 3.4 of the BCP Standard) ...................... 5 2.0 INTRODUCTION............................................................................................................. 7 2.1 BACKGROUND .................................................................................................................. 7 2...
Words: 5659 - Pages: 23
...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University 1 RUNNING HEAD: BUSINESS CONTINUITY PLAN 2 Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are: Governance-Define and align with executive priorities...
Words: 3492 - Pages: 14
...The concept of security has many associations. It can include safety to individuals, the society, groups that include status, religion and colour, businesses and any other legitimate organizations. The concept of security has been an issue across generations both in animal and human societies. The often quoted sentence ‘survival of the fittest’ comes to mind in this instance. This suggests that individuals and groups (of any order) will resist and create conflict in order to survive in a particular environment, whether it is within a family, society, politics, or a business environment. Whatever the reasons may be or legitimacy of the conflict, it is up to the receiving party to ensure that they survive and grow in spite of security issues. In the business world, competition often produces security problems. The concept of globalization, the growth and expansion of multinationals has resulted in new security threats that are related to political and religious factors. In other words, business organizations can be subject to threats from local businesses, political parties, and terrorist organizations. Local businesses can create problems because the new entrants are seen as a threat and competition to their existing businesses activities. Political parties that are not in power may pose a threat because they oppose the ruling party and not the business enterprise. Terrorism and other forms of violence may occur against specific business organizations since they are seen as a representative...
Words: 5050 - Pages: 21
...Fundamentals of Emergency Management Independent Study 230.a January 14, 2010 FEMA COURSE OVERVIEW Unit 1: Course Introduction Introduction How to Complete This Course Unit 1 Objectives Course Objectives Case Study: Tornado in Barneveld, Wisconsin Your Place in the Emergency Management System Case Study: Hazardous Chemical Release Activity: Where Do I Fit? Unit 2: Overview of the Principles of Emergency Management and the Integrated Emergency Management System Introduction and Unit Overview FEMA Mission and Purpose Response Authorities History Principles of Emergency Management Recent Changes to Emergency Planning Requirements Why an Integrated Emergency Management System? Emergency Management Concepts and Terms Partners in the Coordination Network Activity: Partners in the Coordination Network Emergency Management in Local Government Activity: Where Is Emergency Management in My Community? Unit 3: Incident Management Actions Introduction and Unit Overview Introduction to the Spectrum of Incident Management Actions Prevention Preparedness Response Activity: Response Operations Recovery Mitigation Unit 4: Roles of Key Participants Introduction and Unit Overview The Role of the Local Emergency Program Manager State Emergency Management Role How the Private Sector and Voluntary Organizations Assist Emergency Managers Federal Emergency Management Role The National Response Framework Activity: Emergency Management Partners ...
Words: 35531 - Pages: 143
...a l s Operational Risk Management and Business Continuity Planning for Modern State Treasuries Ian Storkey Fiscal Affairs Department I N T e r N A T I o N A l M o N e T A r y F U N D INTerNATIoNAl MoNeTAry FUND Fiscal Affairs Department Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey Authorized for distribution by Sanjeev Gupta November 2011 DISCLAIMER: This Technical Guidance Note should not be reported as representing the views of the IMF. The views expressed in this Note are those of the authors and do not necessarily represent those of the IMF or IMF policy. JEL Classification Numbers: Keywords: H12, H60, H63, H83 business continuity, disaster recovery, business continuity and disaster recovery plan, operational risk, operational risk management, treasury operations ian@storkeyandco.com Author’s E-Mail Address: TECHNICAL NoTEs ANd MANUALs Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey This technical note and manual (TNM)1 addresses the following main issues: • What is operational risk management and how this should be applied to treasury operations. • What is business continuity and disaster recovery planning and why it is important for treasury operations. • How to develop and implement a business continuity and disaster recovery plan using a six practical-step process and how to have it imbedded into...
Words: 10882 - Pages: 44
...SC Response to Terrorism Project MIT Center for Transportation and Logistics “Supply Chain Response to Terrorism: Creating Resilient and Secure Supply Chains” Supply Chain Response to Terrorism Project Interim Report of Progress and Learnings August 8, 2003 This report was pre pared by James B. Rice, Jr. of the MIT Center for Transportation and Logistics (CTL) and Federico Caniato of Politecnico di Milano for the Supply Chain Response to Terrorism Project team with contributions from team members Jonathan Fleck, Deena Disraelly, Don Lowtan, Reshma Lensing and Chris Pickett. This work was conducted under the direction of Professor Yossi Sheffi, CTL Director. Please contact James B. Rice, Jr. of CTL (jrice@mit.edu or 617.258.8584) if you have any questions or if you would like to discuss this report. 08/12/2003 1 SC Response to Terrorism Project Supply Chain Response to Terrorism Project: Interim Report of Progress and Learnings 1 2 Executive summary........................................................................................................... 4 Research introduction and background ............................................................................. 6 2.1 Introduction................................................................................................................ 6 2.2 Background Research ................................................................................................ 6 2.3 Project...
Words: 28274 - Pages: 114
...| Table of Content Chapter Page 1. WHAT IS THE PROVINCIAL INCIDENT MANAGEMENT SYSTEM? 4 2. INTRODUCTION 5 3. CONCEPTS AND PRINCIPLES 5 4. OVERVIEW OF PIMS COMPONENTS 6 4.1. PREPAREDNESS 6 4.2. COMMUNICATIONS & INFORMATION MANAGEMENT 6 4.3 RESOURCE MANAGEMENT 6 4.4 COMMAND & MANAGEMENT 7 4.5 ONGOING MANAGEMENT & MAINTENANCE 7 5. COMPONENT 1: PREPAREDNESS 8 1) UNIFIED APPROACH 8 2) LEVELS OF CAPABILITY 9 6. COMPONENT 2: COMMUNICATION AND INFORMATION MANAGEMENT 16 7. COMPONENT 3: RESOURCE MANAGEMENT 23 a) CONCEPTS AND PRINCIPLES 23 1) Concepts 23 2) Principles 23 a) Planning 24 b) Use of Agreements 24 c) Categorizing Resources 24 d) Resource Identification and Ordering 24 e) Effective Management of Resources 24 8. COMPONENT 4: COMMAND & MANAGEMENT 25 a) INCIDENT MANAGEMENT SYSTEM 25 b) MANAGEMENT CHARACTERISTICS 26 9. PIMS AND ITS RELATIONSHIP TO THE PROVINCIAL DM FRAMEWORK 28 |Distribution | At this stage limited to GPG OPS Workgroup members |WHAT IS THE PROVINCIAL INCIDENT MANAGEMENT SYSTEM? | The Provincial Incident Management System (PIMS) provides a systematic, proactive approach to guide departments and agencies...
Words: 13459 - Pages: 54
...[pic] Records Management Disaster Planning Guideline June 2007 Version 1.1 Table of Contents Acknowledgments 5 Foreword 5 Introduction 6 Background 6 Scope of this guideline 6 Related Documents 6 Reference to the Adequate Records Management Standard 7 Variation to this guideline 7 Records and Disasters 7 Disasters affecting records 8 Disasters affecting Australian organisations 8 Counter disaster management for records 9 Disaster review of your agency 10 Risk Assessment 10 Establish the context 11 Identify the risks 11 Critical needs determination 13 Analyse the risks 14 Assess the risks 15 Treat the risks 15 Monitor and review 16 Planning 16 Project Planning 17 Project team responsibilities 18 Content of the plan 18 How to prepare the response and recovery plan 19 Components of the response and recovery plan 20 Lists and supplies 22 Insurance and emergency funding arrangements 23 On-site equipment 23 Implementing the plan 24 Maintaining the plan 24 Distribution issues 25 Plan maintenance responsibilities 25 Training and testing 25 Post disaster analysis 27 Vital Records Protection 28 Identifying vital records 29 Protecting vital records 31 Preventative measures 31 Recovery and restoration 33 Critical data...
Words: 16993 - Pages: 68
...o m Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our solutions@syngress.com Web pages. There you may find an assortment of valueadded features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for...
Words: 189146 - Pages: 757
...4.1 Framework Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by the IT Governance...
Words: 85189 - Pages: 341
...4.1 Framework Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by...
Words: 84132 - Pages: 337
............................................................................................................ 5 General Exam Tips......................................................................................................................................... 6 What’s On the Exam ..................................................................................................................................... 7 ITIL Core Concepts ...................................................................................................................................... 12 Services ................................................................................................................................................... 12 Service Management .............................................................................................................................. 12 ITIL as a Good Practice Framework ......................................................................................................... 12 The Service Lifecycle ............................................................................................................................... 12 Processes................................................................................................................................................. 13 ITIL Processes by Lifecycle Phase...
Words: 9056 - Pages: 37
...Company Members Project scope statement Project Title: Improve Network Structure for Lawyers Firm Date: June 27, 2012 Document prepared by: Email: * We will provide our clients with IT solutions that offer practical value today while positioning them to meet the business and technological needs of tomorrow. With our constant focus on improved business results, we will make and build definitive plans for the best and most economical IT hardware and solutions. Our goal is to ensure a solid network as well as a state of the art design and equipment for a Law Firm’s work environment. Assure that appropriate telecommunications and computing resources are available to support the mission of the firm Assure that each staff member who uses telecommunications and computing resources in his or her position has a computer of sufficient capability to fulfill their required job responsibilities Ease resource and financial planning by reducing the effort involved in budgeting and planning for new telephone units, computers, network, classroom equipment and server systems. Provide for the cost effective and timely purchasing and installation of new equipment while decreasing the deployment time for new equipment; and disposal of old and obsolete equipment. ------------------------------------------------- Deliverables Dell Desktops and laptops Cisco Routers, switches, and Ip phones will be installed and configured Firewalls will be installed Blade server holding case will be provided...
Words: 11532 - Pages: 47
...5 3.4 Contingency Phases 8 3.4.1 Response Phase 8 3.4.2 Resumption Phase 8 3.4.3 Recovery Phase 8 3.4.4 Restoration Phase 9 3.5 Assumptions 9 3.6 Critical Success Factors and Issues 9 3.7 Mission Critical Systems/Applications/Services 10 3.8 Threats 10 3.8.1 Probable Threats 11 4 System Description 12 4.1 Physical Environment 12 4.2 Technical Environment 12 5 Plan 12 5.1 Plan Management 12 5.1.1 Contingency Planning Workgroups 12 5.1.2 Contingency Plan Coordinator 12 5.1.3 System Contingency Coordinators 13 5.1.4 Incident Notification 13 5.1.5 Internal Personnel Notification 13 5.1.6 External Contact Notification 13 5.1.7 Media Releases 14 5.1.8 Alternate Site (s) 14 5.2 Teams 14 5.2.1 Damage Assessment Team 14 5.2.2 Operations Team 15 5.2.3 Communications Team 15 5.2.4 Data Entry and Control Team 15 5.2.5 Off-Site Storage Team 15 5.2.6 Administrative Management Team 15 5.2.7 Procurement Team 15 5.2.8 Configuration Management Team 16 5.2.9 Facilities Team 16 5.2.10 System Software Team 16 5.2.11 Internal Audit Team 16 5.2.12 User Assistance Team 16 5.3 Data Communications 16 5.4 Backups 16 5.4.1 Vital Records/Documentation 17 5.5 Office Equipment, Furniture and Supplies 19 5.6 Recommended Testing Procedures 19 6 Recommended Strategies 20 6.1 Critical Issues 20 6.1.1 Power 20 6.1.2 Diversification...
Words: 17323 - Pages: 70
...ITIL ® V3 Processes IT Service Management Training, Courseware, Consultancy www.mountainview-itsm.com Goals, Activities, Inputs, Outputs and Roles To collect, analyze, process relevant metrics from a process in order to determine its weakness and establish an action plan to improve the process. Activities 1 Define what you should measure 2 Define what you can measure 3 Gathering the data 4 Processing the data 5 Analyzing the data 6 Presenting and using the information 7 Implementing corrective action Repeat the Process Inputs Each activity has inputs Outputs Each activity has outputs Roles Process Owner, Service Manager, CSI Manager, Service Owner Knowledge Management Process Owner Reporting Analyst Service Measurement and Reporting Goal To monitor services and report on improvement opportunities Activities Service Measurement •Objective (Availability, Reliability, Performance of the Service) •Developing a Service Measurement Framework •Different levels of measurement and reporting •Defining what to measure •Setting targets •Service management process measurement •Creating a measurement framework grid •Interpreting and using metrics •Interpreting metrics •Using measurement and metrics •Creating scorecards and reports •CSI policies Service Reporting •Reporting policy and rules Inputs SLA Targets, SLRs, OLAs, Contracts Outputs Service Improvement Program, SLAM Reports Roles Process Owner...
Words: 4361 - Pages: 18
