Business Continuity Plan
Simply put, a business continuity plan (BCP) entails a set of proactive activities that assists an organization to restore normal business operations under challenging or extreme circumstances (Upper Mohawk, Inc., n.d.).
An effective BCP is mainly used to identify a firm’s exposure to internal and external challenges, and to comprehensively synthesize all organizational assets with a view to provide effective prevention and recovery for the enterprise, while sustaining competitiveness and value system integrity.
Consequently, the major purpose of BCP is to enable organizations to continue with their operations under adverse or challenging situations such as fire outbreaks, theft, vandalism and other damages to critical infrastructure (Hewitt Packard, n.d).
Available literature demonstrates that the foremost step in the creation of BCP is to obtain management commitment not only because the plan forms a critical component of the strategic business plan, but also because it requires appropriate budgetary allocation.
The next step/process revolves around the identification of critical business functions and other ancillary business functions that may require protection. After this functions are identified, “…a risk assessment and a business impact analysis should be performed for each of the business functions and then, if appropriate, for the infrastructure supporting them” (Hewitt Packard, n.d., p. 3).
The next step involves communicating the information generated to senior management to give them the opportunity to confirm and then categorize the criticality of each business function and, afterwards, contact the people charged with the responsibility of writing the plan that will ensure the critical functions continue or are recovered when disaster strikes (Hewitt Packard, n.d.).These people form the business process core teams.
Disaster Recovery Plan
According to Hewitt Packard (n.d.), a disaster recovery plan (DRP) “…is reactive and usually focuses on recovering the computing environment” (p. 1). This implies that although an effective DRP may contain some components which may be used to harden or reinforce the information technology infrastructure, the plan’s foremost purpose is to assist organizations recover from damage to critical IT infrastructure.
Available literature demonstrates that although most DRPs are focused on addressing data processing related activities, they could also be used to address other areas of operation that are outside the scope of data processing but which may affect the enterprise at any given time (Wold, 1997).
As is the case with the business continuity plan, the creation of a successful DRP involves a number of steps. However, as observed by Bahan (2003), any effective process of creating a workable DRP must revolve around the definition of “…rules, processes, and disciplines to ensure that the critical business processes will continue to function if there is a failure of one or more of the information processing or telecommunications resources upon which their operations depends” (p. 3).
Consequently, the first step in the creation of DRP should be to establish a planning group composed of key individuals from each business unit. The next step should be to perform risk assessments and audits, and afterwards establish priorities for the various core applications and networks.
The next step involves the development of recovery strategies, which should then be stored in a well prepared, easily understandable inventory or any other documentation process. Afterwards, the team should develop verification criteria and procedures in readiness to implement the plan (Bahan, 2003).
Acceptable Use Policy
An acceptable use policy (AUP) is a set of regulations applied by the management of an information network, website or computer system to limit the ways in which those who are allowed to access the sites can use them (Ruighaver et al, 2010).
An AUP is an important document for the reason that it sets the regulatory standards through which people can engage the use of the huge amounts of data and information found in the computer networks and websites without trumping on the rights and privileges of the owners of these sources of information, the organizations they work for, or the people they work with (Ruighaver et al, 2010).
In other words, the AUP specifically sets out the rules of acceptable uses, rules of acceptable behavior while accessing the various databases, and important access privileges.
Organizations must reign in on their employees to adhere to rules set out in various AUPs to avoid being sucked into legal challenges and hefty penalties that are associated with noncompliance to the rules. These rules are also critical in securing critical information is not lost to hackers. For instance, some organizations include a rule that prohibits their employees from revealing their passwords to other people in an attempt to protect critical information from being stolen by hackers.
Additionally, these policies are critical in ensuring that the organization’s IT infrastructure is not attacked by malicious programs (e.g., viruses, worms and Trojan horses) by prohibiting employees from entering suspected sites or exporting suspected software into the organization’s computer systems. Above all, the policies ensure the employees do what they are supposed to do during working hours – working for the firm (Ruighaver et al, 2010).
Bahan, C. (2003). The disaster recovery plan. SANS Institute. Retrieved from http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164
Hewitt Packard. (n.d.). Developing a business continuity plan. Retrieved from http://seacliffpartners.com/portfolio/Ensuring_Survival.pdf
Ruighaver, A.B., Maynard, S.B., & Warren, M. (2010). Ethical decision making: Improving the quality of acceptable use policies. Computers & Security, 29(7), 731-736.
Upper Mohawk, Inc. (n.d.). Business Continuity Planning. Retrieved from http://www.uppermohawkinc.com/docs/Business%20Continuity.pdf
Wold, G.H. (1997). Disaster recovery planning process. Disaster Recovery Journal, 5(2). Retrieved from http://www.drj.com/new2dr/w2_003.htm