• No results found

CRISP Technologies Inc.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CRISP Technologies Inc."

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

Business Continuity and Resumption

Planning (BCRP

®

)

Consulting with BCRP Methodology and

Workflow

(2)

Business Continuity and

Resumption Planning (BCRP

®

)

Table of Contents

TABLE OF CONTENTS ... 2

1 CONSULTING WITH THE CRISP BCRP METHODOLOGY ... 3

2 CRISP TECHNOLOGIES PROFILE ... 5

3 COMPETITIVE ADVANTAGE ... 5

4 CLIENT TESTIMONIALS... 6

(3)

Business Continuity and

Resumption Planning (BCRP

®

)

1 Consulting with the CRISP BCRP Methodology

Continuity planning is one of those tasks that most organizations have historically pushed down their priority lists. A common reason for this hesitance is a general fear that, because most people do not know where to start or how to organize the project, the task will be too difficult to

complete in a timely and cost effective way. Recent developments in security awareness and corporate governance have meant that continuity planning is now a topic that we all have to address. Pressures from legislated initiatives such as Sarbanes-Oxley, auditor demands and management concerns mean that today’s organizations can not put off continuity planning any longer.

CRISP recognized that the growing need for continuity planning required new approaches to structure and to simplify the process of creating and executing plans. Working from a base of more than 20 years consulting on continuity planning to a wide range of organizations in many different industries, CRISP has developed the Business Continuity and Resumption Planning (BCRP®) methodology. Structured around a graphical Interactive Workflow. BCRP® provides an easy to follow guide to the development and execution of a continuity plan. The CRISP consulting services using the BCRP® methodology has been internationallyrecognized as an effective

solution that takes the mystery out of continuity planning, providing a base upon which to create comprehensive Emergency Response, Business Continuity and Information Technology Disaster Recovery plans.

The CRISP BCRP® methodology involves Strategic Risk Assessment and Business Impact

Analysis based on defined key organizational functions. Starting from a solid foundation of the business structure and processes, critical resources are highlighted and the associated risks studied. Establishing the relationships between critical resources and the functions that use them is essential for strategy and team development. This leads to identifying optimal high availability strategies and selecting cost effective solutions. Following the strategy selection, a team

structure is established to implement and maintain the Business Continuity and Resumption process.

Taking this approach, continuity plans are tied to a model of the business and all of the resources critical to business objectives and activities, rather than defaulting to consideration of computer resources alone. A clear understanding of business needs is also useful in determining technical resource sizing, response timing and availability issues, which can have significant impacts on the costs of strategies. This top down approach also sets the pattern for consistent definition and analysis of risks, impacts and strategies across the organization.

The CRISP BCRP® methodology is consistent with ISO/IEC Standard 17799:2000: Information Technology – Code of Practice for Information Security Management”, as well as COBIT: “Control Objectives for Information Technology by Information Services Audit and Control Association (ISACA)”, Sarbanes Oxley (SOx), and other global control guidelines and standards. BCRP® is a risk assessment, impact analysis and planning tool. An early component of a BCRP® project is a review of existing controls. BCRP® covers all aspects of implementation of the standards:

ƒ plan – assess risks, determine impacts, select strategies, create plan ƒ do – implement throughout organization, train

(4)

Business Continuity and

Resumption Planning (BCRP

®

)

ƒ act – maintain through integration into normal processes. Figure 1 provides a graphical representation of the approach.

Figure 1: Organizational Modeling

It is our experience that two factors are critical in the approach to Business Continuity and Resumption Planning (BCRP):

a) BCRP must be given high-level management commitment, and viewed in the light of corporate risk management. This ensures that the recovery strategies are balanced

against true business needs. It allows an organization’s overall contingency planning effort to move toward a corporate plan, which includes Information Technology and other critical resources.

b) The planning process must be solution driven, and based on recovering the mission critical functions in the least elapsed time possible. Our approach involves the use of specific and focused questionnaires and checklists to quickly establish an overall documentation of the organizational structure with an identification of the most critical functions and resources that need to be maintained. This approach provides several benefits:

• Acceleration of the analysis, strategy selection, and planning.

B

B

U

U

S

S

I

I

N

N

E

E

S

S

S

S

C

C

O

O

N

N

T

T

I

I

N

N

U

U

I

I

T

T

Y

Y

/

/

R

R

E

E

S

S

U

U

M

M

P

P

T

T

I

I

O

O

N

N

P

P

L

L

A

A

N

N

N

N

I

I

N

N

G

G

(

(

B

B

C

C

R

R

P

P

)

)

Organization

Define Primary Business Units

Define Key Functions to be performed

Identify Critical Resources Needed to Perform Key Functions

DRP PLAN

Infrastructure

Recovery Options

BUSINESS PLANS

Develop and Document Options to Recover or

Replace Critical Business Resources

E

E

M

M

E

E

R

R

G

G

E

E

N

N

C

C

Y

Y

R

R

E

E

S

S

P

P

O

O

N

N

S

S

E

E

P

P

L

L

A

A

N

N

S

S

C Coonnttiinnggeennccyy F Fuunnddiinngg F Faacciilliittiieess&& E Eqquuiippmmeenntt C Crriittiiccaall D Dooccuummeennttss K KeeyyPPeerrssoonnnneell C Crriittiiccaall Applications

(5)

Business Continuity and

Resumption Planning (BCRP

®

)

• Ease in transfer of skills to staff to enable them to continually ensure that strategies selected today are revised to reflect the changing business environments.

• The business model built during the analysis phase provides a base upon which to build the plans and implement the strategies. The close interaction of the analysis and planning portions of the process makes it economical and sensible to ensure that the methodology used for the first portion provides a basis and a driving mechanism for the rest of the plan.

• The assessment of impacts by operational management and staff allows tailoring and fine-tuning of the analysis to more accurately reflect the tangible and intangible impacts of a disaster.

• The creation of a business model based on senior user input expedites the selection of cost effective recovery strategies that reflect business needs. The analysis and presentation format used in the CRISP methodology allows the users to better understand the impacts and alternatives involved in a major disruption.

• The personal involvement of senior professionals in the project will ensure proper training, direction, process, and content.

2

CRISP Technologies Profile

CRISP is one of Canada’s fastest growing professional software and IT services companies. By applying consulting, information and technology expertise in innovative and productive ways, CRISP helps clients improve overall performance, protect their vital resources, and serve their customers more effectively and efficiently. CRISP, active in the global information technology services industry for more than 18 years, delivers electronic business solutions, management consulting, and systems and technology controls to improve the performance of private business and government clients in Canada, United States and internationally.

CRISP consultants are all senior professionals with the training, experience and certifications to guarantee solutions based on industry best practices and standards adherence.

3 Competitive Advantage

Business Continuity Planning; Disaster Recovery Planning; Emergency Response Planning; Risk Assessment; and Business Impact Analysis are covered in various ways by several software and service providers. They provide methodologies and guidelines to address these topics either individually or combined and in certain cases, are presented in complex, costly and time consuming processes. Most approaches are consultant based using proprietary methodologies that produce plans with limited opportunity to transfer ownership and knowledge to the clients. This makes the plan hard to maintain and difficult to test and execute, without further consultant assistance.

The CRISP BCRP Methodology and Workflow are a result of many years of practical experience in developing, auditing, maintaining, testing and executing actual plans with real situations and through client feedback. It provides the client with a comprehensive set of sample documents, tools, templates, and guidebooks within a logical and modular flow. This eliminates the

(6)

Business Continuity and

Resumption Planning (BCRP

®

)

requirements yet is scalable and adaptable to cover future changes. The BCRP Workflow also provides the capability to audit and integrate existing plans as well as micro-manage all or a subset of tasks. The uniqueness of the CRISP BCRP Workflow is the ability to integrate the team guidebooks generated from the plan development section into a graphical layout – the Roadmap to Recovery. This leads you from an incident until full recovery and return to normal operations.

4 Client Testimonials

The common reaction from clients experience with the CRISP BCRP Methodology and Workflow can be summarized as follows: Practical; Flexible; User Friendly; Efficient & Adaptive.

Some specific comments include:

ƒ “The CRISP BCRP methodology, tools and templates combined with their

professional consulting services provided us with the ability to quickly and effectively develop, implement and maintain our IT Business Continuity and Disaster Recovery Plans”

*International Exploration, Production & Distribution Oil & Gas Organization*

ƒ “ The CRISP BCRP methodology allowed us to quickly get to the heart of the disaster

recovery process without having to spend needless time reaching agreement on the initial format and organization of the material”

* Government & Industry Regulatory Agency*

5 Conclusion

The CRISP BCRP® Methodology and Workflow provides a comprehensive, cost effective approach to continuity planning. It allows you the flexibility to “do it yourself” or have CRISP experienced consultants coach, audit or perform the various planning, development, testing, execution, and maintenance tasks as outlined in the methodology.

References

Download now ( PDF - 6 Page - 102.49 KB )

Related documents

Application of Online Mode Professional Development in Enhancing Pedagogical and Professional Competencies in Early Grade Primary School Teacher

Data supporting the above variables are (1) the application of online mode continuous professional development, (2) online mode guidance model, (3) mechanism for implementing online

CISSP Common Body of Knowledge: Business Continuity & Disaster Recovery Planning Domain Version: 5.9.2

The candidate is expected to know the difference between business continuity planning and disaster recovery; business continuity planning in terms of project scope and planning,

Enterprise Resiliency & Response Program Customer Overview May 2014

The Enterprise Resiliency & Response Program, with the interrelated services of event management, site emergency planning, business continuity planning, disaster

Business Continuity and Disaster Recovery Planning

Disaster Recovery is the process an organization uses to recover access to their software, data, and/or hardware that are needed to resume the performance of normal, critical

2014 NABRICO Conference

Provide management a gap analysis and action plan identifying the necessary steps for completing the Disaster Recovery Planning and Business Continuity process. Business

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

That Disaster Recovery Planning, Business Contingency Planning, Emergency Response Planning, and Crisis Management Planning are components of a much larger business strategy for

Business Continuity Planning and Disaster Recovery Planning

This profile should include hardware (mainframe, data and voice communication and personal computers), software (vendor supplied, in-house developed, etc.), documentation

Disaster Recovery Planning

 Disaster recovery planning : The technological aspect of business continuity planning necessary to minimise losses and ensure continuity of critical business functions