7.9. BUSINESS RESUMPTION PROGRAMS

Every organization should have a current and tested business resumption program (BRP). Such plans are sometimes referred to as disaster recovery programs, but this phraseology implies that the program applies only to disasters. Since some BRP procedures may be implemented in events less severe than a disaster, the phrase business resumption program is more appropriate. Before describing the contents of a BRP, it is important to note that a BRP does not have to be the size of an encyclopedia. If it is too large, it can be difficult to maintain and management may let it collect dust. The BRP should be as brief, concise, and easy to read as possible, while still retaining the key procedures necessary to ensure that all steps are carried out in a timely and appropriate manner. A BRP should include, at a minimum:

  • List of key contact personnel throughout the organization, including contact phone numbers (home, work, cell phone, pager) and home addresses.

  • Primary and secondary headquarters sites where key management are to convene in the event that a disaster has rendered the main headquarters location inoperable.

  • Identify and rank operational areas in terms of criticality and risk. The high-risk processes should be the first ones to be made functional in the event of a disaster. Data processing areas are usually at or near the top of the list of critical operational areas since so many other areas rely on data processing resources. Key aspects of a data ...

Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.