information security group bcp & bs 25999 – awareness & understanding

Information Security Group

BCP & BS 25999 – Awareness & Understanding

CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited

Agenda

•Philosophy of Business Continuity Management•Organization Structure•Command Matrix•Disaster Management Flow•Project Initiation & BCM•Continuity Action Plan Documentation•Roles & Responsibilities•Project In-life Monitoring & Control•Project DR Drills •BCP/DR Posture for Projects•High Level Action Plan during Disaster Recovery

Company Confidential3

BS 25999, the Standard

BS 25999 is British Standard Institute's standard in the field of Business Continuity Management (BCM), replacing the existing PAS 56.

BCM is a holistic management process that identifies potential threats to the organization and the impact to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and vale creating activities.

BS 25999 has two parts. The first, BS 25999-1:2006 is the “ Code of Practice", takes the form of general guidance and seeks to establish processes, principles and terminology for Business Continuity Management.

The second, BS 25999-2:2007 is the “Specification for Business Continuity Management", specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS), describing only requirements that can be objectively and independently audited.


BCM Overview


Business Impact Analysis & Risk Assessment


Philosophy of the BCM Framework

Business Continuity

Soft Info

Hard Info

People

In servers

In desktops

Skills

Relationships

Knowledge

Stored

Tech Infrastructure

Support

Hardware

Communications

Seats

Security

Power

Software

Enabling functions

Soft Info

Hard Info

People

In servers

In desktops

Skills

Relationships

Knowledge

Stored

Tech Infrastructure

Support

Facilities

Hardware

Communications

Seats

Security

Power

Software

Enabling functions

Readiness to DeliverAvailability of Information


BCM Organization Chart

Management Security ForumManagement Security Forum – COO Declares DisasterCOO Declares Disaster

Central DR team – BCM Manager, CISO, Location Security ManagersCentral DR team – BCM Manager, CISO, Location Security ManagersDDIIRREECCTTIIOONN

SSTTAATTUUSS

I I NNFFOO

Potential Disaster Management Team – TIM, Admin / Facilities, HR, ISGPotential Disaster Management Team – TIM, Admin / Facilities, HR, ISG

Location Disaster Management TeamLocation Disaster Management Team

Security Security CoordinatorsCoordinators

TIM OICTIM OIC Admin/Admin/ Facilities ManagerFacilities ManagerLocation Security Location Security

ManagerManager

PM &PM & IDU HeadsIDU Heads

Sys Ad Sys Ad & Vendors& Vendors Suppliers/ TeamSuppliers/ Team ISG groupISG group

Head HR OpsHead HR Ops

HR SpocsHR Spocs


BCM Org: Delivery Perspective


Command Matrix Flow

CCOOMMMMAANNDD

MMAATTRRIIXX

CISOCISO

Center HeadCenter Head

Person Responsible

Global Disaster Declaration

11stst Person Responsible

LOCAL Disaster Declaration with Appraisal to COO

22ndnd Person Responsible

To Activate Disaster Recovery in Consultation of Members of Management Security Forum

COOCOO


TechM Recovery Strategy : for Project/ individual location

Incident

Evacuation* & People Safety**

IT Services Fail Over – Alt path

ISP & Vendors Support Called in

Internal / External Communication

Recover Single Point Failure Projects / Ops

Alternate Site Fail over & Ops begin

Appraise Customer

Recover to Min Operating Levels

Resumption of Business

ERP

D

R

P

Recovery

ERPERP – Emergency Response Plan – Emergency Response Plan (Incident Response)(Incident Response)DRPDRP – Disaster Recovery Plan – Disaster Recovery Plan (Business Continuity to MOL)(Business Continuity to MOL)Recovery – Disaster Recovery Recovery – Disaster Recovery (Business back to normal)(Business back to normal) * Fire, Bomb Threat , Post Earthquake tremor with re-entry after All Clear & 2 hours Post Earthquake tremor Evacuation** Always 1st Priority** Always 1st Priority

Key WordsKey Words

Recovery & Resumption FlowRecovery & Resumption Flow


TechM Top Level Disaster Management Flow (Org. level)

Incident

Confirm Incident Reported ( FMG for Non-IT , TIM for IT incidents

Inform HR / FMG / ISG / TIM at Location & DR TEAM

Communicate to Teams via email / PA System

Track & Keep Center Head & Location Informed of Status

Identify Critical Projects & Site Dependent Projects / Ops

Check People Safety & Assess Damage – Site, IDU’s & Functions

Alert Onsite & Alternate Site or Move Teams to take over & Inform Customers

Recover to MOL with IDU, Vendor, FMG, TIM, & ISG Support

Resumption Team Decides Mode to Attain Normal Operations

PPOOTTEENNTTIIAALL

DDIISSAASSTTEER R

MMGGTT

DISASTER

MANAGMENT

Recovery

Potential Disaster to Recovery Management FlowPotential Disaster to Recovery Management Flow

ERPERP – Emergency Response Plan – Emergency Response Plan (Incident Response)(Incident Response)DRPDRP – Disaster Recovery Plan – Disaster Recovery Plan (Business Continuity to MOL)(Business Continuity to MOL)Recovery – Disaster Recovery Recovery – Disaster Recovery (Business back to normal)(Business back to normal) * Fire, Bomb Threat , Post Earthquake tremor with re-entry after All Clear & 2 hours Post Earthquake tremor Evacuation** Always 1st Priority** Always 1st Priority


Baseline BCM Posture for TechM Centers

People Processes Technology

1. Offshore Split Teams

2. Onsite ~ Offshore Model

3. Named Critical Team Members

4. Skill Database for alternate Resourcing

BCM Baseline

1. Data Backup Procedure offered as a baseline for all customers

2. Onsite & Offsite backup tape vaulting

3. Documented SOP’s

1. Common LAN Redundancy & Communication Link

2. Dual ISP, Dual Path

3. Alternate Desktops, File & Print, Email & NAS available

4. Secure Computing at Warm Sites


BCM – Project Initiation Flow

TIM ProcessTIM Process

BIA BIA

TMAPTMAP

Resource info Resource info

TMAPTMAP

PSSD PSSD

(BCP- ISG (BCP- ISG Dashboard)Dashboard)

Initiation

NAS & NAS & eBS eBS DatabaseDatabase

StorageStorageTIM TIM TemplatesTemplates

TIM-N-F007C / F001H / F002I / F006A

ISG-N-T013 ISG-N-T013 (BCP (BCP

Document)Document)


BIA Authorization by IDU Heads - Workflow Screen - TMAP


Resource Update by Project Managers - Workflow Screen - TMAP


PSSD –Update by Project Managers – BCP Application – ISG Dashboard


Defining RTO, RPO and MTPOD

Maximum Tolerable periodof down time (in hours)

100% Resumption

MTPOD

RPO is the maximum

acceptable level of data loss following an unplanned

“event”,

RTO is defined as the length of time that a business process could be unavailable before the business unit’s operations are significantly

impaired.

MTPOD is defined as the “duration after which anorganization’s viability will be irrevocably threatened if productand service delivery cannot be resumed.”.

MTPOD can be calculated on the following factors•The maximum time period after the start of a disruption within which each activity needs to be resumed•The maximum level at which at which each activity needs to be performed after resumption•The length of time within which normal level of operation need to be resumed


BCP – Update Screen – ISG Dashboard


The Continuity Plan Template

1 PROJECT DETAILS2 VERSION HISTORY3 BUSINESS CONTINUITY MANAGEMENT AT TECH MAHINDRA LTD4 PROJECT DETAILS

4.1 Engagement overview4.2 Project overview4.3 Brief on Project Requirements4.4 Brief on Contractual obligations4.5 Brief on Service Level Agreement4.6 Agreed Recovery Time Objective4.7 Need & Scope of the project BCP

5 PROJECT RESOURCE DISTRIBUTION6 PRIORITY OF CRITICAL PROCESSES AND OWNERSHIP7 INFRASTRUCTURE REQUIREMENTS

7.1 Connectivity requirements7.2 Recovery Point Objective

8 RECOVERY TIME OBJECTIVE OF THE CRITICAL PROCESSES9 INCIDENT RESPONSE ACTIVITIES & OWNERSHIP

9.1 Partial Damage within site9.2 Full Damage at site9.3 Location/City unavailable9.4 Country unavailable

10 INCIDENT RESPONSE COMMAND STRUCTURE AND CONTROL FLOW11 NOTIFICATION CONTROL STRUCTURE12 CRITICAL RESOURCE INFORMATION13 PROJECT MANAGEMENT INFORMATION14 CLIENT COMMUNICATION INFORMATION15 VITAL RECORDS16 LEARNING INCORPORATED FROM EXERCISING OF BCP /DR DRILLS.17 MANDATORY DOCUMENTS NEEDED18 READY REFERENCE.


Roles & Responsibilities

Key roles and responsibilities defined are related toKey roles and responsibilities defined are related to

The IDU headThe IDU headThe Security Coordinator The Security Coordinator Damage Assessment & Prioritization TeamDamage Assessment & Prioritization Team

FMG, TIM, HR, ISG & Project ManagersFMG, TIM, HR, ISG & Project ManagersThe Project Manager The Project Manager Critical Team MembersCritical Team Members

CONFIDENTIAL© Copyright 2007 Tech Mahinra Limited

IDU Heads

• Steers inputs to the Disaster Assessment & Prioritization Team to safe recovery

• Customer Communication and briefing thru e-mail or telephone

• Elimination of bottlenecks within the IDU if identified

• Attend to all escalations from the Project Managers & Security Coordinator for the IDU

• Authorize movement of people, alternate seating arrangement, alternate computing requirements for the IDU

• Maintain a Status of the IDU recovery to keep informed Customers Senior Management


Security Coordinator

• Custodian of the Contact List of all Project Managers who are identified as Critical in the IDU in the BIA

• Coordinate using the contact list all such projects at site which are affected

• Inform IDU Heads about the actions taken at the IDU level in coordination with the Project Managers

• Collate and consolidate the Project Damage Information Status at an IDU level and share the same with the IDU Head and BCM Manager.

• Distribute this information to the mailing list [email protected]

• Overall Spokesperson for status information for the IDU continuity would be a key responsibility

mailto:[email protected]


Damage Assessment & Prioritization Team

• TIM would assess the Technical Damage

• Facilities would assess the Building damage

• Project Managers Identify projects rated “INCLUDE” in BCP/DR for recovery during an emergency as per the BIA Register

• Prioritize Recovery considering factors related to Days Delivery Criticality to business for legal deadlines Other Strategic reasons

• Appraise IDU Heads

• Inform [email protected]



Project Managers – Critical projects

• Custodian of the Continuity Plan for the Project

• Custodian of the Updated Contact List of Critical team members at the site

• • Coordinator to track the availability of the Critical personnel for

operational continuity

• Coordinate with the Onsite Team to maintain Minimum Operating Levels in light of the disaster at site

• Coordinate with FMG / TIM for necessary logistics of Facilities & Technical Infrastructure

• Coordinate with Resource Management Group (RMG) for seat allocation at alternate site

• Escalate bottlenecks to IDU Head for resolution


Critical Team Members – Critical Projects

• Be aware of being identified as a Critical Team Member for your project

• Ensure that your contact details are updated with your project manager

• Maintain your user names, passwords safely• Possess your secure-id cards safely to enable

computation from home or alternate site • Be prepared to travel to alternate site for operational

continuity• Be prepared to work in shifts if required at the alternate

site• Maintain contact details of Your Project manager,

Security Coordinator , DR Team members, IDU Head• When in DOUBT – ESCALATE to Your Project Manager /

IDU Head for correct guidance


Disaster Events Considered

SNoSNo Disaster CauseDisaster Cause EventsEvents

1 Natural Causes Fire, Earthquake, Flood, Epidemics (eg Avian Flue)

2 Human Causes War , Civic Unrest, Terrorist Attack

3 Utility Disruption Power, Postal Services, Transport

4 Resource Disruptions No Server Room, No People

5 IT Disasters

5a Data Communication IPLC, MPLS, VPN & Internet

5b Denial of Service DOS Attacks , Anti-Virus

5c Equipment Failures Hardware Failures

5d Software Configuration Failures

RDBMS, Data corruption

5e Core IT Services Failures

ISP Interruptions, Mail Services

Facilities - DR Preparedness

SNo Domain Summary Brief

1 Alternate Sites Identified WARM sites for Partial & Full Damage

2 Power Availability Backup Generators available at Site

3 Shifts Working Capability to maintain 3 shifts over General Shift

4 Transportation Contractors are listed to avail services in short notice

5 Cafeteria Can extend to operate in 3 shifts

6 Air Conditioning We have air conditioning for critical areas in redundant modes – Central & Split A/cs

7 Security Manned 24/7

8 Seats Non-Critical Projects will operate in 2nd and 3rd shift

9 Telephones Services Available 24/7

Mar-09 27Client Confidential | Tech Mahindra Limited 2009

IT - DR Preparedness


1 Communication Links Dual Path, ISP and Auto Fail Over. MPLS and VPN circuits have inbuilt Resilience

2 Redundancy Passive LAN 2 :1

3 Critical IT Elements Available as Hot Standbys at Site / Vendor Location

4 Hardware Equipment AMC Comprehensive with SLA’s

5 Backup Management Onsite and Offsite backups with tape vaulting

6 Software Support Available on a case to case basis depending upon criticality of software

7 Virus Protection Anti-Virus Software is implemented as baseline

8 TIM Personnel Can administer key equipment over the WAN

9 Resilience in Key Services All Key services have Primary & Backup Servers to keep MOL running.

Mar-09 28Client Confidential | Tech Mahindra Limited 2009


Backup / Restore Procedures

SNoSNo ScheduleSchedule DescriptionDescription Offsite tapeOffsite tape Tape Delivery Tape Delivery TimeTime

1 As per defined periodicity

Backups of files as indicated by projects for a daily backup

As per defined periodicity

6~8 hours


Full system Backup for the week end


6~8 hours


Full system backup for the month end


6~8 hours

•All Tapes are stored in Fire Proof Safes – Onsite as well as Offsite

•Backup Procedure is followed by Technical Infrastructure Team

•Restoration Checks are performed to change Tape and Data Integrity


IDU - DR Preparedness


1 Distributed Working

We have an Onsite ~ Offshore Model with distributed teams across India Locations for majority of our Projects

2 MOL – Onsite Capability to maintain MOL at onsite for key projects

3 Critical Resources Identified, Named & Listed in Contact Lists of Projects

4 Shift Working Resource capability to work in 2nd and 3rd Shifts in DR

5 Alternate site working

Critical Resources are made aware to be ready to work from alternate site to maintain MOL

6 Escalation Matrix PM ~ SPM ~ GH ~ IDU HEAD auto escalation and decision making is a key aspect of this model


BCM – Project Monitor & Control

Project In-Project In-Life CycleLife Cycle

Annual Drill Annual Drill ScheduleSchedule

Call Tree Drill / Call Tree Drill / Table TopTable Top

QuarterlyQuarterly

Data RestorationData Restoration

Quarterly Quarterly

Environment Environment Rebuild Rebuild

YearlyYearly

Drill Drill Assessment Assessment ReportsReports

Rehearsal or Rehearsal or Client DrillClient Drill

YearlyYearly


Project Call Tree Drill

Validation of Called Validation of Called NumberNumber

Updation of Continuity Plan Contact List

Drill Assessment Drill Assessment ReportsReports

ISG-N-T013

Project Continuity Plan

Revision Distribution Confirmation prior to Release

Call Listed Contact


Project Data Restoration Drill

Refer ScheduleRefer ScheduleInform TIMInform TIM

Monitor Restoration Monitor Restoration ProcessesProcesses

Check Data RestoredCheck Data Restored

Confirm Availability Confirm Availability & Integrity of Data& Integrity of Data


Track Process Time Track Process Time & Preparedness & Preparedness


Servers Environment Rebuild Drill

Refer ScheduleRefer Schedule Inform TIMInform TIM

Build Alternate ServerBuild Alternate Server

Load OS & RDBMS Load OS & RDBMS

Check EnvironmentCheck Environment



YearlyYearly

Track Process Time & Track Process Time & PreparednessPreparedness


Desktops / Laptops Environment Rebuild Drill

Refer ScheduleRefer Schedule Inform TIMInform TIM

Build Alternate Desktop Build Alternate Desktop

Load OS & Client SoftwareLoad OS & Client Software

Check EnvironmentCheck Environment



YearlyYearly

Track Process Time & Track Process Time & PreparednessPreparedness


Project Fail Over Rehearsal : ERP~DRP~RecoveryProject Fail Over Rehearsal : ERP~DRP~Recovery

Identify Trigger

Inform Onsite / Alternate Offshore Teams

Stop Operations at Affected Site

Inform ISG, IDU head, TIM of scheduled drill

Use Continuity Plan for Communications

Check with Alternate Site for Operations Continuity

Execute Plan for Continuity for Single Point Failure

Identify Gaps in Knowledge & Actions

Monitor SLA , compliance & RTO, Call Off Drill with Minimum Operating Level achievement

Resume to Normal Operations & Report in Assessment Template

ERP

D

R

P

Recovery

ERPERP – Emergency Response Plan – Emergency Response PlanDRPDRP – Disaster Recovery Plan – Disaster Recovery Plan

Key WordsKey Words

Drill Conduct FlowDrill Conduct Flow


Project – Fail Over Rehearsal

This Drill enables the Project to TEST

Capability of the Project operations in totality

Communication Plan gaps

Contact List – Missing links if any

Knowledge gaps within Teams for Internal Working

Fail over issues to alternate site

Connectivity Issues

Capability to maintain Minimum Operating Level with Alternate / Onsite support

Customer SLA meet up with Fail Over in Progress

Monitoring of Recovery Time Objective

Identifying Readiness of the Project / IDU

Preparation for a Real Disaster


Project Readiness Overall

SNo What to Know ? Reference Resource

1 Your Location Security Manager (LSM) Name http://isg.techmahindra.com/

2 Your IDU Security Coordinator Name Check with PMO or LSM

3 Your Project BIA Rating TMAP

4 Updated Resource Information TMAP

5 Updated PSSD Template for project BCP

6 Updated for Project Risk Assessment to TIM & Project authorization form, Asset Classification Form & Backup Schedule Template for Servers Hosted with TIM

TIM-N-F007C, TIM-N-F001H

TIM-N-F002I, & TIM-N-F006A

7 Updated Contact List of Critical Resources Project contact list updates

8 Updated Project Continuity & Detailed Action Plan ISG-N-T013

9 Be Aware of the BCM Framework & Alternate Sites Refer BCM Framework on BMS

10 Common group email id for ALERTS about Potential or DR Incidents

[email protected]

11 Conduct Project DR Drills Refer Guidelines on BMS



Project High Level Action Plan : ERP~DRP~RecoveryProject High Level Action Plan : ERP~DRP~Recovery

Trigger / Incident

Evacuation*, & Team Safety **

Contact all Team Members to assemble

Alert Offshore / Onsite Teams

Internal coordination TIM/FMG/ISG/RMG

Refer Project Continuity Plan & Execute Actions for Single Point Failure Projects

Projects Fail over & Offshore / Onsite supports

Appraise IDU head & Internal Groups

Recover to Minimum Operating Levels achieving RTO

Resumption as Normal Operations

ERP

D

R

P

Recovery

ERPERP – Emergency Response Plan – Emergency Response PlanDRPDRP – Disaster Recovery Plan – Disaster Recovery Plan

*Fire, Bomb Threat , Post Earthquake tremor with Re-entry after All Clear & 2 hrs related to Post Earthquake Tremor evacuation ** Always 1** Always 1stst Priority Priority

Key WordsKey Words

Recovery & Resumption FlowRecovery & Resumption Flow


Framework Documentation Tree

Global BCM FrameworkGlobal BCM Framework

Disaster Management Disaster Management HandbookHandbook

Non-IT Non-IT DR Action PlanDR Action Plan

DR Test StrategyDR Test Strategy BCM Ops GuideBCM Ops Guide

IT OPS IT OPS DR Action PlanDR Action Plan

Incident Management PlanIncident Management Plan


Exhibits & Assessments

Sr Reports & Templates Exhibit

1 BIA Register

2 BIA Scorecard

3 Critical Process Register

4 Technical Infrastructure Requirement Register

5 Seating Requirement Register

6 Project Resource Register

7 Location wise – BCP Drill Compliance report

8 Business Continuity Plan Template

9 BCP Drill exception report

10 Process Guidelines – Asset, RA & BCP/DRMicrosoft Word

Document

Microsoft Office Excel 97-2003 Worksheet






Microsoft Office Word 97 - 2003 Document

Microsoft Office Excel Worksheet

Microsoft Office Excel Worksheet


to summarize…

We have gone thru this slide show covering,

Aspects of BCP Posture for Projects

BIA, Resource Information, PSSD Data Capture

Documenting a Project Continuity Action Plan

Roles & Responsibilities

Project Initiation & In-life monitoring for BCP/DR

Disaster Management – Strategy, Center Perspective & Project Perspective

Drill Types & Methodology &

The Documentation Tree for BCP/DR


Thank You !


BCM Knowledge Area

An Evaluation of Lessons LearntAn Evaluation of Lessons Learnt

It’s not over yet…


Q-1

What is the philosophy of Tech M’s BCM Framework ?

1. Only availability of information

2. Readiness to Deliver

3. Availability of Information in hard & soft form backed by readiness to deliver

4. Information – Hard, Soft, People related & Readiness including Technical Infrastructure, Facilities & Support organizations


Q-2

What is the right steps to follow in the BCM Flow ?

1. Incident – Assessment – Disaster Decide - DRP

2. Incident – Disaster Declare – Assessment – Recovery - Resumption

3. Incident – Disaster Declare- DRP - Resumption

4. Incident – Monitor- ERP – DRP – Normal Operations


Q-3

What is the right sequence of the Action Plan ?

1. DRP-Recovery-Resumption

2. ERP-DRP-Recovery-Resumption

3. ERP-DRP-Resumption

4. None of the Above


Q-4

What does the scope of BCM Include ?

1. Projects, Functions, CSU

2. CSU, IDU, Functions, Corporate Application

3. IDU, CSU, Functions, Corporate Applications, Corporate Services

4. Projects, EMBT, IMBT, HRMS


Q-5

Which are the key functions who participate in Potential Disaster Management ?

1. TIM & ISG

2. TIM & Facilities

3. TIM , Administration OR Facilities & ISG

4. TIM, Finance, Facilities


Q-6

What is the hierarchy of the BCM Organization?

1. Management Security Forum, Central DR team, Potential Disaster Mgt Team, Location Disaster Management Team

2. Management Security Forum, TIM, Facilities, IT Vendors

3. Security Coordinators, Core Team members, Central DR Team, Location Disaster management Team

4. CEO, COO, IDU Heads, CSU Heads


Q-7

What is the email group id a DR team member should subscribes to ?

1. [email protected]





Q-8

What is the key role of the BCM Manager ?

1. Coordinate Disasters

2. Send emails to the group [email protected]

3. Maintain the status of the Disaster Progress

4. To Develop, Document & Maintain the BCM Framework & BIA for Functions, Corporate Services, Corporate Services, CSU & IDU


Q-9

What is the key role of the Location Security Manager ?

1. Lead the DR team at the Location to take the right direction for recovery & Facilitate the Damage Assessment with TIM & Facilities management groups

2. Maintain Security At Location

3. Ensure Guards are attending the Gates

4. Coordinate with Facilities & TIM


Q-10

What principles would the Prioritization for recovery follow ?

1. Prioritize the projects the team likes

2. Prioritize support projects

3. Prioritize business processes held up for legal commitments

4. Prioritize Recovery considering factors related to Days DeliveryCriticality to business for legal deadlines, Other Strategic reasons


Q-11

What is the Security Coordinator a custodian of for the IDU ?

1. Custodian of the Contact List of all Project Managers who are identified as Critical in the IDU in the BIA

2. All Project managers contact list

3. Contact List of IDU Head only

4. Contact List of All Critical Team Members Only


Q-12

Which Status does the IDU head need to maintain during an Emergency ?

1. Personal commitments

2. Personal agenda of work items

3. Maintain a Status of the IDU recovery to keep informed customers & Sr Management

4. Information – Hard, Soft, People related & Readiness including Technical Infrastructure, Facilities & Support organizations


Q-13

Which Templates / Forms are required to be maintained by the Project Manager for Critical Projects ?

1. TI507 A, PSSD, TI 507 C

2. TI 507 C, PSSD, TI 407 C, TI 507 A

3. BIA, PSSD, TI 507A

4. TI 607C, TI 110A, TI 407C


Q-14

What are the contact details to be maintained by critical team members ?

1. Contact list of friends

2. Contact list of Project Manager

3. Contact list of IDU heads

4. Contact list of IDU Head, Project Manager, Team members & Security Coordinator


Q-15

What are different types of tests conducted ?

1. Table Top, Simulation, Fail Over, Testing, Rehearsals

2. Table Top, Fail Over, Environment Rebuild, Rehearsals

3. Table Top, Fail Over, Environment Rebuild, Call Tree, Rehearsals, Data Restore

4. Table Top, Fail Over, Environment Rebuild, Call Tree, Vendor Preparedness, Data Restore


Q-16

What is the documentation hierarchy of the BCM Framework?

1. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, Contact details, Test Strategy

2. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, DR Operations Handbook, Test Strategy

3. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans, Non-IT Action Planner, Test Strategy

4. Global BCM Framework, Disaster Management Handbook, Disaster Recovery Action Plans Non IT, Disaster Operations Handbook, Disaster Recovery Action Plans IT, Test Strategy

62

End Of Tutorial

Thank YouThank You

information security group bcp & bs 25999 – awareness & understanding

Documents

disaster recovery slide

confidential copyright

company confidential

bcm overview slide

holistic management

business operations

standard bs

awareness understanding