information security group bcp & bs 25999 – awareness & understanding
TRANSCRIPT
Information Security Group
BCP & BS 25999 – Awareness & Understanding
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Agenda
•Philosophy of Business Continuity Management•Organization Structure•Command Matrix•Disaster Management Flow•Project Initiation & BCM•Continuity Action Plan Documentation•Roles & Responsibilities•Project In-life Monitoring & Control•Project DR Drills •BCP/DR Posture for Projects•High Level Action Plan during Disaster Recovery
Company Confidential3
BS 25999, the Standard
BS 25999 is British Standard Institute's standard in the field of Business Continuity Management (BCM), replacing the existing PAS 56.
BCM is a holistic management process that identifies potential threats to the organization and the impact to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and vale creating activities.
BS 25999 has two parts. The first, BS 25999-1:2006 is the “ Code of Practice", takes the form of general guidance and seeks to establish processes, principles and terminology for Business Continuity Management.
The second, BS 25999-2:2007 is the “Specification for Business Continuity Management", specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS), describing only requirements that can be objectively and independently audited.
Company Confidential4
BCM Overview
Company Confidential5
Business Impact Analysis & Risk Assessment
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Philosophy of the BCM Framework
Business Continuity
Soft Info
Hard Info
People
In servers
In desktops
Skills
Relationships
Knowledge
Stored
Tech Infrastructure
Support
Hardware
Communications
Seats
Security
Power
Software
Enabling functions
Soft Info
Hard Info
People
In servers
In desktops
Skills
Relationships
Knowledge
Stored
Tech Infrastructure
Support
Facilities
Hardware
Communications
Seats
Security
Power
Software
Enabling functions
Readiness to DeliverAvailability of Information
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
BCM Organization Chart
Management Security ForumManagement Security Forum – COO Declares DisasterCOO Declares Disaster
Central DR team – BCM Manager, CISO, Location Security ManagersCentral DR team – BCM Manager, CISO, Location Security ManagersDDIIRREECCTTIIOONN
SSTTAATTUUSS
I I NNFFOO
Potential Disaster Management Team – TIM, Admin / Facilities, HR, ISGPotential Disaster Management Team – TIM, Admin / Facilities, HR, ISG
Location Disaster Management TeamLocation Disaster Management Team
Security Security CoordinatorsCoordinators
TIM OICTIM OIC Admin/Admin/ Facilities ManagerFacilities ManagerLocation Security Location Security
ManagerManager
PM &PM & IDU HeadsIDU Heads
Sys Ad Sys Ad & Vendors& Vendors Suppliers/ TeamSuppliers/ Team ISG groupISG group
Head HR OpsHead HR Ops
HR SpocsHR Spocs
Company Confidential8
BCM Org: Delivery Perspective
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Command Matrix Flow
CCOOMMMMAANNDD
MMAATTRRIIXX
CISOCISO
Center HeadCenter Head
Person Responsible
Global Disaster Declaration
11stst Person Responsible
LOCAL Disaster Declaration with Appraisal to COO
22ndnd Person Responsible
To Activate Disaster Recovery in Consultation of Members of Management Security Forum
COOCOO
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
TechM Recovery Strategy : for Project/ individual location
Incident
Evacuation* & People Safety**
IT Services Fail Over – Alt path
ISP & Vendors Support Called in
Internal / External Communication
Recover Single Point Failure Projects / Ops
Alternate Site Fail over & Ops begin
Appraise Customer
Recover to Min Operating Levels
Resumption of Business
ERP
D
R
P
Recovery
ERPERP – Emergency Response Plan – Emergency Response Plan (Incident Response)(Incident Response)DRPDRP – Disaster Recovery Plan – Disaster Recovery Plan (Business Continuity to MOL)(Business Continuity to MOL)Recovery – Disaster Recovery Recovery – Disaster Recovery (Business back to normal)(Business back to normal) * Fire, Bomb Threat , Post Earthquake tremor with re-entry after All Clear & 2 hours Post Earthquake tremor Evacuation** Always 1st Priority** Always 1st Priority
Key WordsKey Words
Recovery & Resumption FlowRecovery & Resumption Flow
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
TechM Top Level Disaster Management Flow (Org. level)
Incident
Confirm Incident Reported ( FMG for Non-IT , TIM for IT incidents
Inform HR / FMG / ISG / TIM at Location & DR TEAM
Communicate to Teams via email / PA System
Track & Keep Center Head & Location Informed of Status
Identify Critical Projects & Site Dependent Projects / Ops
Check People Safety & Assess Damage – Site, IDU’s & Functions
Alert Onsite & Alternate Site or Move Teams to take over & Inform Customers
Recover to MOL with IDU, Vendor, FMG, TIM, & ISG Support
Resumption Team Decides Mode to Attain Normal Operations
PPOOTTEENNTTIIAALL
DDIISSAASSTTEER R
MMGGTT
DISASTER
MANAGMENT
Recovery
Potential Disaster to Recovery Management FlowPotential Disaster to Recovery Management Flow
ERPERP – Emergency Response Plan – Emergency Response Plan (Incident Response)(Incident Response)DRPDRP – Disaster Recovery Plan – Disaster Recovery Plan (Business Continuity to MOL)(Business Continuity to MOL)Recovery – Disaster Recovery Recovery – Disaster Recovery (Business back to normal)(Business back to normal) * Fire, Bomb Threat , Post Earthquake tremor with re-entry after All Clear & 2 hours Post Earthquake tremor Evacuation** Always 1st Priority** Always 1st Priority
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Baseline BCM Posture for TechM Centers
People Processes Technology
1. Offshore Split Teams
2. Onsite ~ Offshore Model
3. Named Critical Team Members
4. Skill Database for alternate Resourcing
BCM Baseline
1. Data Backup Procedure offered as a baseline for all customers
2. Onsite & Offsite backup tape vaulting
3. Documented SOP’s
1. Common LAN Redundancy & Communication Link
2. Dual ISP, Dual Path
3. Alternate Desktops, File & Print, Email & NAS available
4. Secure Computing at Warm Sites
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
BCM – Project Initiation Flow
TIM ProcessTIM Process
BIA BIA
TMAPTMAP
Resource info Resource info
TMAPTMAP
PSSD PSSD
(BCP- ISG (BCP- ISG Dashboard)Dashboard)
Initiation
NAS & NAS & eBS eBS DatabaseDatabase
StorageStorageTIM TIM TemplatesTemplates
TIM-N-F007C / F001H / F002I / F006A
ISG-N-T013 ISG-N-T013 (BCP (BCP
Document)Document)
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
BIA Authorization by IDU Heads - Workflow Screen - TMAP
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Resource Update by Project Managers - Workflow Screen - TMAP
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
PSSD –Update by Project Managers – BCP Application – ISG Dashboard
Company Confidential17
Defining RTO, RPO and MTPOD
Maximum Tolerable periodof down time (in hours)
100% Resumption
MTPOD
RPO is the maximum
acceptable level of data loss following an unplanned
“event”,
RTO is defined as the length of time that a business process could be unavailable before the business unit’s operations are significantly
impaired.
MTPOD is defined as the “duration after which anorganization’s viability will be irrevocably threatened if productand service delivery cannot be resumed.”.
MTPOD can be calculated on the following factors•The maximum time period after the start of a disruption within which each activity needs to be resumed•The maximum level at which at which each activity needs to be performed after resumption•The length of time within which normal level of operation need to be resumed
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
BCP – Update Screen – ISG Dashboard
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
The Continuity Plan Template
1 PROJECT DETAILS2 VERSION HISTORY3 BUSINESS CONTINUITY MANAGEMENT AT TECH MAHINDRA LTD4 PROJECT DETAILS
4.1 Engagement overview4.2 Project overview4.3 Brief on Project Requirements4.4 Brief on Contractual obligations4.5 Brief on Service Level Agreement4.6 Agreed Recovery Time Objective4.7 Need & Scope of the project BCP
5 PROJECT RESOURCE DISTRIBUTION6 PRIORITY OF CRITICAL PROCESSES AND OWNERSHIP7 INFRASTRUCTURE REQUIREMENTS
7.1 Connectivity requirements7.2 Recovery Point Objective
8 RECOVERY TIME OBJECTIVE OF THE CRITICAL PROCESSES9 INCIDENT RESPONSE ACTIVITIES & OWNERSHIP
9.1 Partial Damage within site9.2 Full Damage at site9.3 Location/City unavailable9.4 Country unavailable
10 INCIDENT RESPONSE COMMAND STRUCTURE AND CONTROL FLOW11 NOTIFICATION CONTROL STRUCTURE12 CRITICAL RESOURCE INFORMATION13 PROJECT MANAGEMENT INFORMATION14 CLIENT COMMUNICATION INFORMATION15 VITAL RECORDS16 LEARNING INCORPORATED FROM EXERCISING OF BCP /DR DRILLS.17 MANDATORY DOCUMENTS NEEDED18 READY REFERENCE.
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Roles & Responsibilities
Key roles and responsibilities defined are related toKey roles and responsibilities defined are related to
The IDU headThe IDU headThe Security Coordinator The Security Coordinator Damage Assessment & Prioritization TeamDamage Assessment & Prioritization Team
FMG, TIM, HR, ISG & Project ManagersFMG, TIM, HR, ISG & Project ManagersThe Project Manager The Project Manager Critical Team MembersCritical Team Members
CONFIDENTIAL© Copyright 2007 Tech Mahinra Limited
IDU Heads
• Steers inputs to the Disaster Assessment & Prioritization Team to safe recovery
• Customer Communication and briefing thru e-mail or telephone
• Elimination of bottlenecks within the IDU if identified
• Attend to all escalations from the Project Managers & Security Coordinator for the IDU
• Authorize movement of people, alternate seating arrangement, alternate computing requirements for the IDU
• Maintain a Status of the IDU recovery to keep informed Customers Senior Management
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Security Coordinator
• Custodian of the Contact List of all Project Managers who are identified as Critical in the IDU in the BIA
• Coordinate using the contact list all such projects at site which are affected
• Inform IDU Heads about the actions taken at the IDU level in coordination with the Project Managers
• Collate and consolidate the Project Damage Information Status at an IDU level and share the same with the IDU Head and BCM Manager.
• Distribute this information to the mailing list [email protected]
• Overall Spokesperson for status information for the IDU continuity would be a key responsibility
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Damage Assessment & Prioritization Team
• TIM would assess the Technical Damage
• Facilities would assess the Building damage
• Project Managers Identify projects rated “INCLUDE” in BCP/DR for recovery during an emergency as per the BIA Register
• Prioritize Recovery considering factors related to Days Delivery Criticality to business for legal deadlines Other Strategic reasons
• Appraise IDU Heads
• Inform [email protected]
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project Managers – Critical projects
• Custodian of the Continuity Plan for the Project
• Custodian of the Updated Contact List of Critical team members at the site
• • Coordinator to track the availability of the Critical personnel for
operational continuity
• Coordinate with the Onsite Team to maintain Minimum Operating Levels in light of the disaster at site
• Coordinate with FMG / TIM for necessary logistics of Facilities & Technical Infrastructure
• Coordinate with Resource Management Group (RMG) for seat allocation at alternate site
• Escalate bottlenecks to IDU Head for resolution
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Critical Team Members – Critical Projects
• Be aware of being identified as a Critical Team Member for your project
• Ensure that your contact details are updated with your project manager
• Maintain your user names, passwords safely• Possess your secure-id cards safely to enable
computation from home or alternate site • Be prepared to travel to alternate site for operational
continuity• Be prepared to work in shifts if required at the alternate
site• Maintain contact details of Your Project manager,
Security Coordinator , DR Team members, IDU Head• When in DOUBT – ESCALATE to Your Project Manager /
IDU Head for correct guidance
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Disaster Events Considered
SNoSNo Disaster CauseDisaster Cause EventsEvents
1 Natural Causes Fire, Earthquake, Flood, Epidemics (eg Avian Flue)
2 Human Causes War , Civic Unrest, Terrorist Attack
3 Utility Disruption Power, Postal Services, Transport
4 Resource Disruptions No Server Room, No People
5 IT Disasters
5a Data Communication IPLC, MPLS, VPN & Internet
5b Denial of Service DOS Attacks , Anti-Virus
5c Equipment Failures Hardware Failures
5d Software Configuration Failures
RDBMS, Data corruption
5e Core IT Services Failures
ISP Interruptions, Mail Services
Facilities - DR Preparedness
SNo Domain Summary Brief
1 Alternate Sites Identified WARM sites for Partial & Full Damage
2 Power Availability Backup Generators available at Site
3 Shifts Working Capability to maintain 3 shifts over General Shift
4 Transportation Contractors are listed to avail services in short notice
5 Cafeteria Can extend to operate in 3 shifts
6 Air Conditioning We have air conditioning for critical areas in redundant modes – Central & Split A/cs
7 Security Manned 24/7
8 Seats Non-Critical Projects will operate in 2nd and 3rd shift
9 Telephones Services Available 24/7
Mar-09 27Client Confidential | Tech Mahindra Limited 2009
IT - DR Preparedness
SNo Domain Summary Brief
1 Communication Links Dual Path, ISP and Auto Fail Over. MPLS and VPN circuits have inbuilt Resilience
2 Redundancy Passive LAN 2 :1
3 Critical IT Elements Available as Hot Standbys at Site / Vendor Location
4 Hardware Equipment AMC Comprehensive with SLA’s
5 Backup Management Onsite and Offsite backups with tape vaulting
6 Software Support Available on a case to case basis depending upon criticality of software
7 Virus Protection Anti-Virus Software is implemented as baseline
8 TIM Personnel Can administer key equipment over the WAN
9 Resilience in Key Services All Key services have Primary & Backup Servers to keep MOL running.
Mar-09 28Client Confidential | Tech Mahindra Limited 2009
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Backup / Restore Procedures
SNoSNo ScheduleSchedule DescriptionDescription Offsite tapeOffsite tape Tape Delivery Tape Delivery TimeTime
1 As per defined periodicity
Backups of files as indicated by projects for a daily backup
As per defined periodicity
6~8 hours
2 As per defined periodicity
Full system Backup for the week end
As per defined periodicity
6~8 hours
3 As per defined periodicity
Full system backup for the month end
As per defined periodicity
6~8 hours
•All Tapes are stored in Fire Proof Safes – Onsite as well as Offsite
•Backup Procedure is followed by Technical Infrastructure Team
•Restoration Checks are performed to change Tape and Data Integrity
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
IDU - DR Preparedness
SNo Domain Summary Brief
1 Distributed Working
We have an Onsite ~ Offshore Model with distributed teams across India Locations for majority of our Projects
2 MOL – Onsite Capability to maintain MOL at onsite for key projects
3 Critical Resources Identified, Named & Listed in Contact Lists of Projects
4 Shift Working Resource capability to work in 2nd and 3rd Shifts in DR
5 Alternate site working
Critical Resources are made aware to be ready to work from alternate site to maintain MOL
6 Escalation Matrix PM ~ SPM ~ GH ~ IDU HEAD auto escalation and decision making is a key aspect of this model
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
BCM – Project Monitor & Control
Project In-Project In-Life CycleLife Cycle
Annual Drill Annual Drill ScheduleSchedule
Call Tree Drill / Call Tree Drill / Table TopTable Top
QuarterlyQuarterly
Data RestorationData Restoration
Quarterly Quarterly
Environment Environment Rebuild Rebuild
YearlyYearly
Drill Drill Assessment Assessment ReportsReports
Rehearsal or Rehearsal or Client DrillClient Drill
YearlyYearly
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project Call Tree Drill
Validation of Called Validation of Called NumberNumber
Updation of Continuity Plan Contact List
Drill Assessment Drill Assessment ReportsReports
ISG-N-T013
Project Continuity Plan
Revision Distribution Confirmation prior to Release
Call Listed Contact
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project Data Restoration Drill
Refer ScheduleRefer ScheduleInform TIMInform TIM
Monitor Restoration Monitor Restoration ProcessesProcesses
Check Data RestoredCheck Data Restored
Confirm Availability Confirm Availability & Integrity of Data& Integrity of Data
Drill Assessment Drill Assessment ReportsReports
Track Process Time Track Process Time & Preparedness & Preparedness
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Servers Environment Rebuild Drill
Refer ScheduleRefer Schedule Inform TIMInform TIM
Build Alternate ServerBuild Alternate Server
Load OS & RDBMS Load OS & RDBMS
Check EnvironmentCheck Environment
Drill Assessment Drill Assessment ReportsReports
Rehearsal or Rehearsal or Client DrillClient Drill
YearlyYearly
Track Process Time & Track Process Time & PreparednessPreparedness
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Desktops / Laptops Environment Rebuild Drill
Refer ScheduleRefer Schedule Inform TIMInform TIM
Build Alternate Desktop Build Alternate Desktop
Load OS & Client SoftwareLoad OS & Client Software
Check EnvironmentCheck Environment
Drill Assessment Drill Assessment ReportsReports
Rehearsal or Rehearsal or Client DrillClient Drill
YearlyYearly
Track Process Time & Track Process Time & PreparednessPreparedness
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project Fail Over Rehearsal : ERP~DRP~RecoveryProject Fail Over Rehearsal : ERP~DRP~Recovery
Identify Trigger
Inform Onsite / Alternate Offshore Teams
Stop Operations at Affected Site
Inform ISG, IDU head, TIM of scheduled drill
Use Continuity Plan for Communications
Check with Alternate Site for Operations Continuity
Execute Plan for Continuity for Single Point Failure
Identify Gaps in Knowledge & Actions
Monitor SLA , compliance & RTO, Call Off Drill with Minimum Operating Level achievement
Resume to Normal Operations & Report in Assessment Template
ERP
D
R
P
Recovery
ERPERP – Emergency Response Plan – Emergency Response PlanDRPDRP – Disaster Recovery Plan – Disaster Recovery Plan
Key WordsKey Words
Drill Conduct FlowDrill Conduct Flow
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project – Fail Over Rehearsal
This Drill enables the Project to TEST
Capability of the Project operations in totality
Communication Plan gaps
Contact List – Missing links if any
Knowledge gaps within Teams for Internal Working
Fail over issues to alternate site
Connectivity Issues
Capability to maintain Minimum Operating Level with Alternate / Onsite support
Customer SLA meet up with Fail Over in Progress
Monitoring of Recovery Time Objective
Identifying Readiness of the Project / IDU
Preparation for a Real Disaster
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project Readiness Overall
SNo What to Know ? Reference Resource
1 Your Location Security Manager (LSM) Name http://isg.techmahindra.com/
2 Your IDU Security Coordinator Name Check with PMO or LSM
3 Your Project BIA Rating TMAP
4 Updated Resource Information TMAP
5 Updated PSSD Template for project BCP
6 Updated for Project Risk Assessment to TIM & Project authorization form, Asset Classification Form & Backup Schedule Template for Servers Hosted with TIM
TIM-N-F007C, TIM-N-F001H
TIM-N-F002I, & TIM-N-F006A
7 Updated Contact List of Critical Resources Project contact list updates
8 Updated Project Continuity & Detailed Action Plan ISG-N-T013
9 Be Aware of the BCM Framework & Alternate Sites Refer BCM Framework on BMS
10 Common group email id for ALERTS about Potential or DR Incidents
11 Conduct Project DR Drills Refer Guidelines on BMS
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Project High Level Action Plan : ERP~DRP~RecoveryProject High Level Action Plan : ERP~DRP~Recovery
Trigger / Incident
Evacuation*, & Team Safety **
Contact all Team Members to assemble
Alert Offshore / Onsite Teams
Internal coordination TIM/FMG/ISG/RMG
Refer Project Continuity Plan & Execute Actions for Single Point Failure Projects
Projects Fail over & Offshore / Onsite supports
Appraise IDU head & Internal Groups
Recover to Minimum Operating Levels achieving RTO
Resumption as Normal Operations
ERP
D
R
P
Recovery
ERPERP – Emergency Response Plan – Emergency Response PlanDRPDRP – Disaster Recovery Plan – Disaster Recovery Plan
*Fire, Bomb Threat , Post Earthquake tremor with Re-entry after All Clear & 2 hrs related to Post Earthquake Tremor evacuation ** Always 1** Always 1stst Priority Priority
Key WordsKey Words
Recovery & Resumption FlowRecovery & Resumption Flow
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Framework Documentation Tree
Global BCM FrameworkGlobal BCM Framework
Disaster Management Disaster Management HandbookHandbook
Non-IT Non-IT DR Action PlanDR Action Plan
DR Test StrategyDR Test Strategy BCM Ops GuideBCM Ops Guide
IT OPS IT OPS DR Action PlanDR Action Plan
Incident Management PlanIncident Management Plan
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Exhibits & Assessments
Sr Reports & Templates Exhibit
1 BIA Register
2 BIA Scorecard
3 Critical Process Register
4 Technical Infrastructure Requirement Register
5 Seating Requirement Register
6 Project Resource Register
7 Location wise – BCP Drill Compliance report
8 Business Continuity Plan Template
9 BCP Drill exception report
10 Process Guidelines – Asset, RA & BCP/DRMicrosoft Word
Document
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Excel 97-2003 Worksheet
Microsoft Office Word 97 - 2003 Document
Microsoft Office Excel Worksheet
Microsoft Office Excel Worksheet
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
to summarize…
We have gone thru this slide show covering,
Aspects of BCP Posture for Projects
BIA, Resource Information, PSSD Data Capture
Documenting a Project Continuity Action Plan
Roles & Responsibilities
Project Initiation & In-life monitoring for BCP/DR
Disaster Management – Strategy, Center Perspective & Project Perspective
Drill Types & Methodology &
The Documentation Tree for BCP/DR
Company Confidential44
Thank You !
Company Confidential45
BCM Knowledge Area
An Evaluation of Lessons LearntAn Evaluation of Lessons Learnt
It’s not over yet…
Company Confidential46
Q-1
What is the philosophy of Tech M’s BCM Framework ?
1. Only availability of information
2. Readiness to Deliver
3. Availability of Information in hard & soft form backed by readiness to deliver
4. Information – Hard, Soft, People related & Readiness including Technical Infrastructure, Facilities & Support organizations
Company Confidential47
Q-2
What is the right steps to follow in the BCM Flow ?
1. Incident – Assessment – Disaster Decide - DRP
2. Incident – Disaster Declare – Assessment – Recovery - Resumption
3. Incident – Disaster Declare- DRP - Resumption
4. Incident – Monitor- ERP – DRP – Normal Operations
Company Confidential48
Q-3
What is the right sequence of the Action Plan ?
1. DRP-Recovery-Resumption
2. ERP-DRP-Recovery-Resumption
3. ERP-DRP-Resumption
4. None of the Above
Company Confidential49
Q-4
What does the scope of BCM Include ?
1. Projects, Functions, CSU
2. CSU, IDU, Functions, Corporate Application
3. IDU, CSU, Functions, Corporate Applications, Corporate Services
4. Projects, EMBT, IMBT, HRMS
Company Confidential50
Q-5
Which are the key functions who participate in Potential Disaster Management ?
1. TIM & ISG
2. TIM & Facilities
3. TIM , Administration OR Facilities & ISG
4. TIM, Finance, Facilities
Company Confidential51
Q-6
What is the hierarchy of the BCM Organization?
1. Management Security Forum, Central DR team, Potential Disaster Mgt Team, Location Disaster Management Team
2. Management Security Forum, TIM, Facilities, IT Vendors
3. Security Coordinators, Core Team members, Central DR Team, Location Disaster management Team
4. CEO, COO, IDU Heads, CSU Heads
Company Confidential52
Q-7
What is the email group id a DR team member should subscribes to ?
Company Confidential53
Q-8
What is the key role of the BCM Manager ?
1. Coordinate Disasters
2. Send emails to the group [email protected]
3. Maintain the status of the Disaster Progress
4. To Develop, Document & Maintain the BCM Framework & BIA for Functions, Corporate Services, Corporate Services, CSU & IDU
Company Confidential54
Q-9
What is the key role of the Location Security Manager ?
1. Lead the DR team at the Location to take the right direction for recovery & Facilitate the Damage Assessment with TIM & Facilities management groups
2. Maintain Security At Location
3. Ensure Guards are attending the Gates
4. Coordinate with Facilities & TIM
Company Confidential55
Q-10
What principles would the Prioritization for recovery follow ?
1. Prioritize the projects the team likes
2. Prioritize support projects
3. Prioritize business processes held up for legal commitments
4. Prioritize Recovery considering factors related to Days DeliveryCriticality to business for legal deadlines, Other Strategic reasons
Company Confidential56
Q-11
What is the Security Coordinator a custodian of for the IDU ?
1. Custodian of the Contact List of all Project Managers who are identified as Critical in the IDU in the BIA
2. All Project managers contact list
3. Contact List of IDU Head only
4. Contact List of All Critical Team Members Only
Company Confidential57
Q-12
Which Status does the IDU head need to maintain during an Emergency ?
1. Personal commitments
2. Personal agenda of work items
3. Maintain a Status of the IDU recovery to keep informed customers & Sr Management
4. Information – Hard, Soft, People related & Readiness including Technical Infrastructure, Facilities & Support organizations
Company Confidential58
Q-13
Which Templates / Forms are required to be maintained by the Project Manager for Critical Projects ?
1. TI507 A, PSSD, TI 507 C
2. TI 507 C, PSSD, TI 407 C, TI 507 A
3. BIA, PSSD, TI 507A
4. TI 607C, TI 110A, TI 407C
Company Confidential59
Q-14
What are the contact details to be maintained by critical team members ?
1. Contact list of friends
2. Contact list of Project Manager
3. Contact list of IDU heads
4. Contact list of IDU Head, Project Manager, Team members & Security Coordinator
Company Confidential60
Q-15
What are different types of tests conducted ?
1. Table Top, Simulation, Fail Over, Testing, Rehearsals
2. Table Top, Fail Over, Environment Rebuild, Rehearsals
3. Table Top, Fail Over, Environment Rebuild, Call Tree, Rehearsals, Data Restore
4. Table Top, Fail Over, Environment Rebuild, Call Tree, Vendor Preparedness, Data Restore
Company Confidential61
Q-16
What is the documentation hierarchy of the BCM Framework?
1. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, Contact details, Test Strategy
2. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, DR Operations Handbook, Test Strategy
3. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, Non-IT Action Planner, Test Strategy
4. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans Non IT, Disaster Operations Handbook, Disaster Recovery Action Plans IT, Test Strategy
62
End Of Tutorial
Thank YouThank You