http://www.securityprocedure.com/tag/contingency The taxonomy view with a depth of 0. en http://www.securityprocedure.com/comparison-between-isaca-and-drii-business-continuity-plan <p>DRII vs ISACA Business Continuity Plan Comparison<br /> <IMG SRC="http://img187.imageshack.us/img187/5076/bcpzn7.png"></p> <p><a href="http://www.isaca.org/">ISACA (Information System Audit and Control Association)</a> and <a href="http://www.drii.org/">DRII (Disaster Recovery Institute International)</a> are the two organizations that have a competency to release the right procedure and step by step for Business Continuity Management. However, if you see each step from ISACA and DRII, you can find some small differences approach on it. Here is some example:</p> <p>ISACA Business Continuity<br /> 1. Project management and initiation<br /> 2. Business impact analysis<br /> 3. Recovery strategy<br /> 4. Plan design and development<br /> 5. Training and awareness<br /> 6. Implementation and testing<br /> 7. Monitoring and maintenance</p> <p><a href="http://www.securityprocedure.com/comparison-between-isaca-and-drii-business-continuity-plan">read more</a></p> http://www.securityprocedure.com/comparison-between-isaca-and-drii-business-continuity-plan#comments Business Impact Analysis Contingency Disaster Recovery Fri, 15 Aug 2008 21:51:04 -0500 root 260 at http://www.securityprocedure.com http://www.securityprocedure.com/how-many-plans-should-i-prepare-bcp-drp-or-coop <p>I hate the (incompetent) IS auditor, here is the story. One day your external auditor from big 4 audit firm come checking your IT system. This guy, discuss some issue with executive level within your company. This text book auditor then asks you to prepare any document or plan in case of disaster or incident. You, in charge in IT department then asking question to the auditor.<br /> “Can you explain more detail what type of document? Since I’m little bit confuse with your jargon of BCP, DRP, COOP what is the difference?”</p> <p>And here is the explanation, theoretically, according to NIST-SP 800-34 standard, you must prepare:</p> <h3>1. Business Continuity Plan (BCP)</h3> <p>Purpose: Provide procedures for sustaining essential business operations while recovering from a significant disruption<br /> Scope: Addresses business processes; IT addressed based only on its support for business process</p> <h3>2. Business Recovery (or Resumption) Plan (BRP)</h3> <p>Purpose: Provide procedures for recovering business operations immediately following a disaster<br /> Scope: Addresses business processes; not IT-focused; IT addressed based only on its support for business process</p> <p><a href="http://www.securityprocedure.com/how-many-plans-should-i-prepare-bcp-drp-or-coop">read more</a></p> http://www.securityprocedure.com/how-many-plans-should-i-prepare-bcp-drp-or-coop#comments Contingency Disaster Recovery Thu, 06 Mar 2008 09:25:27 -0600 root 56 at http://www.securityprocedure.com http://www.securityprocedure.com/review-business-continuity-management-framework <p>Recent natural disaster, such as earth quake or tsunami is true evidence that all business operation need appropriate business continuity management. Today, there are a lot of world standard that could be followed to get the best implementation of business continuity management. From the US standard: NIST SP 800-34 to British Standard 25999. Here is simple comparison between to standard.</p> <p>&nbsp;</p> <p><a href="http://www.securityprocedure.com/review-business-continuity-management-framework">read more</a></p> http://www.securityprocedure.com/review-business-continuity-management-framework#comments BS25999 Business Impact Analysis Contingency NIST-SP Wed, 05 Mar 2008 23:47:27 -0600 root 54 at http://www.securityprocedure.com