BCDR Module 4
Evaluation
Quizzes & Individual Assignments 10%
Group Term Project 50%
  Research paper 40%
    Project Paper draft 1 – 5% (Milestone 3)
    Project Paper draft 2 – 10% (Milestone 4)
    Final Project Paper – 25% (Milestone 5)
  15 minutes Project Paper Presentation (with hard & soft copy of presentation slides) 10%
Summative Assessment 40%
  Test 30%
  Individual Class Participation 10%
BCDR Datelines (subject to change by COVID-19 Crisis)
Week 1: MODULE 1 – Introduction, Overview of BCDR, Contingency Planning. Milestone 1: Form Groups (minimum 3, maximum 4 members).
COVID-19 Precautionary Break
Week 2: MODULE 2 – Assessing Risks. Milestone 2: Research Proposal/Idea (submit 3 ideas with brief explanation) Submission & Approval.
Week 3 (3, 5 Mar): MODULE 2 – Mitigation Strategies, Preparing for Possible Emergency.
Week 4 (10, 12 Mar): MODULE 3 – BCDR Development. Quiz 1. Milestone 3: Project Paper Draft 1 (5%) with Title, Abstract, Keywords, Introduction & Literature Review due (with proper citations/references and evidences).
MidSem Break-1: 18 Mar-31 May
Week 7 (16, 18 Jun): Module 5 – Maintenance of BCDR. Quiz 2 online.
Week 8 (23, 25 Jun): Module 5 – Quiz 3 online.
Week 9 (30, 2 Jul): Latest Development in BCDR.
Week 10 (7, 9 Jul): Group Project Paper Presentation with Slides hardcopy, online/video.
Week 11 (14, 16 Jul): Group Project Paper Presentation with Slides hardcopy, online/video.
Week 12 (21, 23 Jul): Group Project Paper Presentation with Slides hardcopy, online/video. Milestone 5: Revised and Final Project Paper (25%) due (hard and softcopy).
Week 13 (28 Jul): Summative Assessment: Test (30%) – take home.
Building BCP: Project Mgmt Approach
[Figure: project phases labelled M2, M2, M2, M3, M4, M5]
ERP – Emergency Response Plan
ERP
A set of plans and procedures, activated when an emergency is discovered (and later declared), that will minimize the harmful effects of an emergency on human life and health, the environment, the company’s and/or third party’s assets, and the company’s image or reputation.
Emergency Response Plan (ERP)
Stopped here 2 Jun 20
Emergency Management Overview
■ Keep it simple!
  In times of trouble nobody can remember/follow complex instructions.
■ Have clear roles and responsibilities.
  If no one knows who’s in charge or who has the authority to make decisions, nothing gets done.
  On the other hand, if everyone believes they have the authority to make decisions, chaos will reign.
  Example: Hurricane Katrina Disaster
■ The BC/DR plan should include some sort of internal emergency response capability in the event emergency responders are not available.
Emergency Response Plans
The emergency response is the immediate response to the incident.
If fire breaks out, the emergency response is evacuating the building and calling the fire department while perhaps having trained employees use fire extinguishers to try to control the blaze.
These are the basics of a fire emergency response. However, there are other kinds of risks your company faces and these also require emergency response plans.
Rather than creating a separate plan for every type of event that could occur, it’s often advisable to create a basic emergency response checklist that can be used regardless of the emergency.
ERP Tasks – Basic Checklist
The basic set of emergency response tasks are these:
■ Protect personnel
■ Contain incident
■ Implement command and control (Emergency Response
Team, Crisis Management Team step in)
■ Emergency response and triage (medical, evacuation, search
and rescue)
■ Assess impact and effect
■ Notification
■ Next steps
Basic Response Procedures Priority
The response procedures include protection of people first, containment of the emergency second, and assessment of the situation third.
Regardless of the type of plan you create, these should be your priorities.
In companies where emergency incidents could have a very high and devastating/debilitating impact on human life, assets, national psyche and reputation, an “Over-reacting” Recovery Philosophy is adopted, e.g. Airline, Oil & Gas, Nuclear Reactor.
“Over-reacting” Philosophy
[Flowchart: recovery steps on an emergency declaration, where teams are activated under the “over-reacting” recovery philosophy. Recoverable labels: Emergency Declaration; Tier 1; “This is a TIER 3 Emergency”; Activate-standby: BCT, BRT, DRT; Activate-standby: CMT, BRT, DRT; Activate-Deploy BCT; Activated-Deployed CMT; Gather Damage Assessment Data by ERT; Do Damage Assessment; Continue Standby; Situation Safe (Yes/No); Deploy Recovery Team(s) to Recovery Site; ECT Stand Down; Follow Potential Emergency Scenario and Departmental Recovery of CBPs as outlined in Section 6 and 7 (whichever applicable) of BCP respectively; Recovery of Critical Business Processes (CBPs); All CBP Recovered; Restoration to Normal Operations.]
What’s in ERP?
Each plan should include:
■ Roles and responsibilities
■ Tools and equipment
■ Resources
■ Actions and procedures
An Emergency Response Strategy
Emergency Response Teams (ERTs)
Your company should have an emergency response team
with defined roles and responsibilities for team members.
Each person should clearly know the bounds of their
authority and to whom they should turn for help or for
escalation of issues.
In previous chapters, we’ve referred to a Crisis
Management Team (CMT), which may or may not be the
same as an Emergency Response Team (ERT).
If you’re in a small company, it may be the same set of
people, but in many cases these are not the same people
because the skills required are different.
ERT Leader
The ERT leader is responsible for activating and coordinating the
emergency response and for notifying civil authorities such as the
police or fire department, contacting hospitals or paramedics, and so
on.
The ERT leader also should be a member of the Crisis Management
Team and should coordinate closely with the CMT to ensure that the
appropriate level of BC/DR activation occurs in a timely manner.
Emergency response and disaster recovery activities can occur in
parallel.
Typically, only trained members of the ERT can address the actual
emergency.
Members of the CMT can begin assessing damage, evaluating
options, and implementing the BC/DR plan as soon as possible.
Crisis Management Team
The crisis management team (CMT) is the team responsible for making the high-level decisions;
for coordinating efforts of internal and external staff, vendors, and contractors;
and for determining the most appropriate responses to situations as they occur.
They should be well versed in the BC/DR plan, and the various team leaders for BC/DR activities should either be part of the crisis management team or report to it.
[Photo: UN Haiti Crisis Management Team Holds Videoconference with Port-au-Prince (2010)]
Malaysian National
Security Council
Emergency Response and Disaster
Recovery
CMT oversees the emergency response team and the disaster
recovery team(s).
Once an emergency occurs, the ERT leader should take charge
of managing the emergency itself,
and the leader of the CMT should begin coordinating efforts
between ERT, civil emergency responders (if appropriate), and
other initial activities related to the BC/DR plan.
The ERT leader should be a member of the CMT and should
report to the team periodically throughout the emergency
response.
The ERT should be quickly released back to emergency duties
while someone from the CMT documents the information
provided by the ERT.
Emergency Response and Disaster
Recovery
CMT also coordinates activities related to initiating the disaster
recovery efforts.
Once the ERT leader has notified the CMT that the actual
emergency has ceased and that disaster recovery can begin,
the CMT takes over coordinating all activities.
Typically, once the disaster recovery efforts conclude and
business continuity efforts begin, the CMT winds down and
operations may resume through normal management channels.
This is a decision each company must make based on its
unique structure, but in general, the CMT leader should
manage the situation until it makes sense to hand over control to
the operations team.
Emergency Response & Recovery Checklist
Initial Response
1. Receive initial notification of possible, impending, or in-progress disruption or disaster.
2. Alert appropriate emergency response organizations (fire, police, etc.), if needed.
3. Access BC/DR plan.
4. Notify and mobilize damage assessment team and the crisis management team.
5. Assess damage, determine appropriate BC/DR activation steps.
6. Notify appropriate BC/DR team members.
7. Prepare preliminary event report or log. Communicate with appropriate parties.
Damage and Situation Assessment
Checklist
1. Receive initial notification of possible, impending, or in-progress
disruption or disaster.
2. Review preliminary event report or log.
3. Assess structural damage, health and safety impact and risks.
4. Determine extent and severity of disruption to operations.
5. Assess potential financial loss.
6. Determine severity based on predefined categories (see categories
described earlier in this section).
7. If impact is minor, take no further action and continue to monitor
situation.
8. Prepare final assessment and report, notify BC/DR teams of findings.
9. If impact is intermediate or major, declare disaster and update event
report or log, communicate with appropriate parties.
Disaster Declaration and Notification
Checklist
1. Review disaster level assessment, impacts, and other data gathered
during initial response phases.
2. Activate BC/DR teams if they have not already been activated.
3. Review recovery options based on disaster assessment.
4. Select best recovery options for the situation, begin plan to implement
recovery options (see next phase).
5. Notify management and crisis communications teams.
6. Prepare a disaster declaration statement that can be communicated to
employees, BC/DR team and community contacts (see the case study
that follows this chapter for more on disaster declaration statements and
their dissemination).
7. Monitor progress.
8. Document results in event log, communicate with appropriate parties.
One very important note
You should clearly define the point at which the CMT stands down and normal operations take over.
If you fail to clearly identify this line of demarcation, you risk having turf wars, power struggles, and people working at cross-purposes.
Create a clear set of criteria for when the CMT hands over operations so that there is no question in anyone’s mind about how the transition should occur.
This is usually not a major issue in companies where the members of the CMT are members of the senior management team.
In some companies, however, there may be confusion over roles, responsibilities, and authority, so be sure to clearly delineate these in advance.
Alternate Facilities Review and
Management
The CMT is responsible for overseeing the activities related
to disaster recovery and business continuity at alternate
sites.
They should review the activities leading up to activating the
alternate site and should be the ones with final authority over
decisions that need to be made related to the alternate site,
such as bringing in additional services,
equipment or vendors if original arrangements do not meet current
needs.
They are responsible for resolving problems and issues that
arise and should be the final decision makers for escalated
issues.
Communications
In an emergency situation, you should avoid having multiple sources
of communications going out since it can cause confusion, error,
frustration, and worse.
Though you don’t want to create a bottleneck in your communication
stream, in the early stages after a business disruption or emergency,
strive to have the CMT clear any messages going out.
This not only will ensure that the message is correct and consistent, it
will keep the CMT in the loop as well.
This establishes a two-way communication channel between the
CMT and the teams working on disaster recovery activities and helps
in the coordination of activities and teams.
This is critical for disasters or disruptions that also disrupt
communication lines.
CBP Priority: An Example
[Figure: Newco example in which Communications is Priority No 1; other labels: MX, FX, KXX, O@KLCC]
Human Resources
Representatives from Human Resources should be included on the CMT
so that they can specifically address the needs of employees and
maintain a communication channel with employees through preplanned
methods.
They should track employees who may be injured from the event or not available
for work due to leaves of absence, vacations, and so on.
They should provide support for injured employees and their families including
facilitating access to emergency or ongoing medical or psychological services.
They can also assist employees with financial, legal, and insurance issues related
to the injury or death of an employee or family member.
They should prepare and update an employee head count to determine who is
available for recovery operations and who may be available later for business
continuity activities.
If temporary staff or contractors are needed, they can help select, manage,
oversee, and monitor temporary staff as well as manage timecards and other
payments for such staff.
Legal
Depending on the nature of the disaster or disruption, you
may need to have the CMT contact legal counsel.
The firm’s lawyers or legal representatives may need to review
or approve emergency contracts; review language in
agreements with vendors, suppliers, or contractors; review
documents related to injury, death, or property damage; or
address regulatory and compliance issues.
As soon as the CMT is activated, it should be someone’s
specific responsibility to contact legal counsel and
notify them of the event so they can provide appropriate
information, feedback, and guidance throughout the
remainder of the event and during its aftermath.
Insurance
Your BC/DR plan should have contact information for your insurance
company representatives and they should be notified upon activation of
the CMT.
The CMT may also perform an initial damage assessment and document
it for the insurance company.
This might include taking photographs or video images as well as making detailed
notes.
Members of the CMT team should also begin gathering documents related
to insurance claims and submit loss estimates to the insurance company.
Finally, someone on the CMT should review the insurance documents to
determine exclusions, limitations (financial, time, location, cause, etc.),
or maximums on various policies.
Any issues with insurance should be escalated to management and/or legal
counsel for review and resolution.
Finance
The CMT should also have representatives from the financial department available to assess the status of the company.
This might include assessing the cash availability of the company, the viability (or advisability) of processing employee payroll early, or providing advances to employees.
Financial representatives also need to assess the status of the accounts payable and receivable to ensure bills and invoices are issued in a relatively timely manner and that revenue and payments are received in a timely manner as well.
A process for managing, tracking, and monitoring expenditures during the disaster or disruption should be implemented and managed by the financial representative(s) on the CMT.
Disaster Recovery
We’re going to discuss the disaster recovery activities in a
bit more detail.
You may find it helpful to develop a variety of checklists,
which can be extremely useful in making quick decisions
for moving forward.
Since you and your team may not have time to rehearse
these plans frequently, checklists can help remind you of
critical steps to take, regardless of the situation.
Recovery Checklists
The recovery phase also has specific tasks that should be undertaken.
The specific steps to be taken should be defined in your BC/DR plan.
If you’ve looked at the various risks and potential impacts of these
risks, you should have numerous scenarios that require planning.
By developing plans for various scenarios, you will have the steps
you need in almost any type of disaster because even though the
details of the disaster may vary, the steps you need to take will be the
same in a major disaster or a minor disaster.
As with the activation phase, there is a long list of items you can use
for this stage of work.
Remember, all these lists are intended solely to get you thinking about
how you will manage your company’s BC/DR efforts, so you will need to
modify them accordingly.
IT Recovery Tasks
Part of IT recovery involves responding to, stopping, and repairing problems caused by system failures, security breaches, or intentional data corruption or destruction.
Depending on the nature or severity of the attack or incident, you may need to activate a computer incident response team (CIRT) or computer emergency response team (CERT).
Computer Incident Response
Most IT departments have some process in place for addressing and
managing a computer incident.
An incident is defined as any activity outside normal operations, whether
intentional or not; whether man-made or not.
For example, the theft in the middle of the night of a corporate server is an incident.
A Web site hack or a network security breach is also an incident.
A database corruption issue or a failed hard drive is also an incident, but for the
purposes of this discussion, we’re going to stick with the emergency kinds of
incidents and leave the more routine incident handling to your existing IT operations
procedures.
For example, we’ll assume you can handle a bad hard drive or a failed router through
standard operating procedures and we won’t cover that here.
What we will cover are the incidents that require a swift and decisive action
to stop the incident from continuing.
This includes events such as a network security breach or a denial of service attack
and events such as a fire in the server room or a flood in the building.
CIRT Responsibilities
In order for the computer incident response team (CIRT) to be effective, its duties must be well defined. There are five major areas of responsibility for the CIRT team. These are:
■ Monitor
■ Alert and Mobilize
■ Assess and Stabilize
■ Resolve
■ Review
Monitor
Every network must be monitored for a variety of events.
These might include failed login attempts or notification of a
change to security settings, for example.
Other incidents may include unusual increases in certain types of network
traffic or excessive attempts to log in to secure areas of the network.
Whether the event stems from intentional or unintentional acts, the
network needs to be monitored.
Having experienced team members monitor the network will help
reduce the lag time between an unwanted event and a response.
The CIRT team should monitor the network activity and take
appropriate action regardless of the source of the problem.
In some cases, this will involve activation of the BC/DR plan; in other
cases it won’t.
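The kind of monitoring this slide describes, as an added example that is not part of the original slides: a small Python detector that flags excessive failed logins from one source within a time window and any change to a security setting. The log format, event names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; the "<timestamp> <EVENT> key=value ..." format is assumed.
SAMPLE_LOG = """\
2020-06-02T10:00:00 AUTH_FAIL user=alice src=10.0.0.5
2020-06-02T10:00:05 AUTH_FAIL user=alice src=10.0.0.5
2020-06-02T10:00:09 AUTH_OK user=carol src=10.0.0.9
2020-06-02T10:00:10 AUTH_FAIL user=root src=10.0.0.5
2020-06-02T10:00:15 AUTH_FAIL user=admin src=10.0.0.5
2020-06-02T10:00:20 AUTH_FAIL user=admin src=10.0.0.5
2020-06-02T10:03:00 AUTH_FAIL user=dave src=10.0.0.7
2020-06-02T10:05:00 SETTING_CHANGE user=bob setting=firewall.allow_any
this line is corrupted and must be skipped
2020-06-02T10:10:00 AUTH_FAIL user=dave src=10.0.0.7
"""

WINDOW = timedelta(seconds=60)   # assumed look-back window per source
THRESHOLD = 5                    # assumed number of failures that counts as "excessive"


def parse_line(line):
    """Return (timestamp, event, fields) or None for a line that does not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return ts, parts[1], fields


def detect_events(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (timestamp, kind, subject, detail) tuples, in log order."""
    alerts = []
    recent_failures = defaultdict(deque)  # source address -> recent failure times
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # unreadable lines are skipped, not fatal
        ts, kind, fields = event
        if kind == "SETTING_CHANGE":
            # Every change to a security setting is reported for review.
            alerts.append((ts, "security-setting-change",
                           fields.get("user", "?"), fields.get("setting", "?")))
        elif kind == "AUTH_FAIL":
            src = fields.get("src", "?")
            times = recent_failures[src]
            times.append(ts)
            # Drop failures that have aged out of the window.
            while times and ts - times[0] > window:
                times.popleft()
            if len(times) >= threshold:
                alerts.append((ts, "excessive-failed-logins", src,
                               f"{len(times)} failures in window"))
                times.clear()  # start a fresh count so one burst gives one alert
    return alerts


if __name__ == "__main__":
    for ts, kind, subject, detail in detect_events(SAMPLE_LOG):
        print(ts.isoformat(), kind, subject, detail)
```

An isolated failed login (the two from 10.0.0.7, minutes apart) raises nothing; only the burst from one source and the settings change are reported to the CIRT.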
Alert and Mobilize
Once an unusual, unwanted, or suspicious event has
occurred, the CIRT member should alert appropriate
team members and mobilize for action.
This may involve shutting down servers, firewalls, e-mail, or
other services.
As part of a BC/DR plan, this can also include being alerted
that the event or disaster disrupted network services, such as a
data center fire or theft of a corporate server after a fire in
another part of the building.
Alerting and mobilizing should have the effect of
stopping the immediate impact of the event.
Assess and Stabilize
After the immediate threat has been halted, the CIRT team
assesses the situation and attempts to stabilize it.
For example, if data has been stolen or databases have been
corrupted, the nature and extent of the event must be assessed
and steps must be taken to stabilize the situation.
In many cases, this phase takes the longest because
determining exactly what happened can be challenging.
If you have members of your team that have been trained
in computer forensics, they would head up this segment
of work.
Resolve
After determining the nature and extent of the incident,
the CIRT can determine the best resolution and
implement it.
Resolution may involve restoring from backups, updating
operating systems or applications, modifying permissions,
or changing settings on servers, firewalls, or routers.
Review
Once the event has been resolved, the CIRT should
convene a meeting to determine how the incident
occurred, what lessons were learned, and what
could be done to avoid such a problem in the future.
Within the scope of a BC/DR plan, this might involve
understanding how the recovery process worked and
what could be done differently in the future to
decrease downtime, decrease impact, and improve time to
resolution.
CERT developed by SEI-Carnegie
Mellon University
Is Your Business Prepared for the
Next Disaster?
Testing, Auditing & Training
Relationship between Train, Test, Audit
& Maintenance
Training includes training staff on their roles
and responsibilities related to the BC/DR plan
as well as training them in the specific skills
they’ll need to carry out their roles effectively.
Testing is the process of testing the plan, and
there are various methods for doing so that
we’ll discuss in this chapter.
Finally, there is the process of auditing the IT
systems that form the foundation of most
BC/DR plans.
Training, testing, and plan maintenance are all
bound together.
Testing the plan trains staff and maintains the plan.
Training staff tests and maintains the plan.
Training for Disaster
Recovery and Business Continuity
There are two distinct parts of disaster recovery and business continuity
training.
The first is the actual physical response to the disruption or emergency. That
might involve evacuating a building if there’s a fire, grabbing a fire
extinguisher to douse a fire in the server room, or finding the water main if
there’s flooding inside the building.
These actions all require some basic training so responders know what to do and how
to do it safely. There’s little point in a responder grabbing a fire extinguisher and
subsequently being burned by the fire because he or she did not know how to properly
use the equipment or properly extinguish a fire. That’s one aspect of training.
The second aspect of training has to do with ensuring that the various
response teams know how to implement the BC/DR plan and that they have
the skills needed to do so.
For example, you might want to provide periodic training for your IT staff so they can
stay up to date on the latest threats and security measures or training for alternate
BC/DR staff on performing a system restore and verification routine.
Emergency Response Training
ERT team members should be trained in appropriate emergency response
activities.
Each company should identify the likely emergency responses needed and
provide training in these activities.
If your firm is located in an area prone to flooding, earthquakes, hurricanes, or tornados,
you should provide training in emergency response related to these events.
In addition, basic first aid and CPR training should be part of all emergency responders’
training, and some companies find it useful to provide this training to all employees.
The specialized skills for the ERT might include fire fighting techniques or
building evacuation procedures, for example.
These specialized skills require training in order to protect the safety of the responders and
to enable the responders to be effective.
The BC/DR plan should include the designation of an ERT as well as a list of
required training/skills, certification requirements (if any), and
periodic refresher courses.
The ERT leader should be responsible for managing this.
Disaster Recovery and Business Continuity Training Overview
The role of training is both to familiarize people with the plan elements and processes and to reinforce the basic knowledge of the plan.
Disaster recovery and business continuity training includes
■ defining the scope and objectives for the training,
■ performing a needs assessment (gap analysis),
■ developing training,
■ scheduling and delivering training,
■ and monitoring/measuring training.
Example: CIRT Training Outline
Cross-training
Training and Testing for Your
Business Continuity and Disaster Recovery Plan
There are four basic ways to train staff regarding the
BC/DR plan, and these also simultaneously test the plan.
These are
paper walk-throughs (or tabletop exercises TTXs),
functional exercises,
field exercises, and
full interruptions.
Team Leaders need to know….
Team leaders, in particular, need to know how and when
to activate the plan as well as how to notify, assemble,
and manage their teams.
Specifically, they need to know how to:
■ Use the plan effectively.
■ Understand their individual and team roles and
responsibilities.
■ Notify, assemble, and manage their team members.
■ Operate as a cross-functional team member.
■ Communicate effectively across organizational boundaries in
a stressful situation, often without the aid of common
communication tools such as phones, e-mail, or other devices.
disruption vs accuracy
Another Perspective
Paper Walk-through
Also called Table-top exercise (TTX) or
structured walk-through test.
In this type of test, members of the emergency
management group and business unit
management representatives meet in a
conference room setting to discuss their
responsibilities and how they would react to
emergency scenarios by stepping through the
plan.
The goal is to ensure that the plan accurately
reflects the organization’s ability to recover
successfully, at least on paper.
Each step of the plan is walked through in
the meeting and marked as performed.
Major glaring faults with the plan should be
apparent during the walk-through.
Paper Walk-through
In most companies, if you can manage to schedule a paper walk-through of your BC/DR plan once a year, you’ve scored a major victory.
As gloomy a prediction as that is, it reflects the reality in today’s organizations.
However, if you’ve managed to get approval to put together your BC/DR plan, you can make a pretty strong case that without a walk-through, you’ll never know if it works or not.
It’s like carrying a spare tire that’s flat—it’s of absolutely no consequence until you need it.
You want to know if your BC/DR plan will work if needed, and the only way to determine that is to test it out.
A paper walk-through will take time to step through but it’s time well spent.
There are eight discrete steps you can take to run an effective paper walk-through.
Walk-thru Steps: Develop Realistic
Scenarios
The first step is to develop realistic scenarios for your
walk-through.
You should develop scenarios based on those risks determined by
your assessment to be the highest risk, highest likelihood, and
highest impact.
Focus on the things most likely to occur.
Start with a fire in the building, since statistically speaking, that’s
the disaster most likely to strike businesses.
Remember, you will likely need to perform several
walk-throughs based on various threats.
Ideally, you’ll perform a paper walk-through for each
of your major risks.
Scenarios
Walk-thru Steps: Develop Evaluation
Criteria
Develop criteria that include:
■ How well participants were able to follow and utilize the
plan
■ How well participants were able to communicate across
team lines
■ How well the checklists or defined steps worked to achieve
the stated objectives
■ How confident participants felt with their implementation
of the plan
■ How confident participants feel about implementing the
plan in the future
Paper Walk-thru Steps: Provide Copies
of the Plan
Members of the crisis management team should be given the
latest copies of the plan in advance of the walk-through.
The hope (but usually not the reality) is that they’ll look through the
plan prior to the walk-through.
So, training and testing need to work on the assumption that prior
reading or familiarization will not occur (despite what people might
claim).
Create a flowchart of your plan’s processes in order to
help individual team members visually see and understand
how things should proceed.
This often helps individuals understand their roles within the
larger plan and operate more effectively as part of the larger
team
71
Example: flowchart of the plan’s processes
72
Paper Walk-thru Steps: Divide
Participants by Team
If your walk-through includes members of different teams,
having them sit together can help the flow of the walk-
through.
If they need to confer or make notes among themselves, they
can do so more effectively by being in close proximity to one
another.
It also helps reduce cross-talk and interruptions.
Be sure to have alternates attend the training and work
alongside their counterparts.
If you have vendors you’ve designated as team members,
they should also be included in the training.
73
Paper Walk-thru Steps
Use Checklists
If you have checklists for your key processes (such as those shown in
the appendix materials), be sure to provide copies of these checklists
and ensure the team uses these checklists.
If they find steps that are out of order, missing, or redundant, they can
correct the checklists quickly. Like flowcharts, using checklists will
also help maintain direction and forward progress during the walk-
through.
Take Notes
Someone should be tasked with keeping notes about the process,
major issues that arise, and the like.
If you run the walk-through with various teams, each team should be
responsible for keeping notes on their process and their section of the
plan as well.
74
Paper Walk-thru Steps
Identify Training (additional) Needs
As you train staff in the use and implementation of the plan,
you should specifically keep an eye open for additional
training needs.
Be sure to ask training participants to make a note of any
skills they believe they need in order to effectively carry out
the BC/DR plan.
Those closest to the job are in the best position to identify
skills gaps and you can develop a list of training needs from
these run-throughs.
75
Paper Walk-thru Steps
Develop Summary and Lessons Learned
After the walk-through, you should compile and summarize the
notes collected.
You should summarize the lessons learned from the exercise and schedule a
follow-up meeting.
It should be held a day or two after the walk-through (i.e., not immediately following the
walk-through, but not four weeks later) so that participants have a chance to
think about the walk-through and bring their thoughts, suggestions, and feedback
to the follow-up meeting.
You can use the data collected from this process to modify future walk-through
sessions and to modify the BC/DR plan as needed.
An annual walk-through of the plan is often used as a
combination of plan familiarization, training, and testing.
In some cases, that may be adequate, but this type of exercise is
really the bare minimum.
76
Functional Exercises
Functional exercises are used to
actually test some of the plan’s
functionality.
It’s often helpful and adequate to
perform a paper walk-through along
with functional exercises. Functional
exercises train staff in critical
procedures or functions needed to
respond to and address the disruption.
Scripted.
Very similar to a walk-through
drill or simulation test.
77
Walk-through drill or simulation test
The emergency management group and response
teams actually perform their emergency response
functions by walking through the test, without
actually initiating recovery procedures.
During a simulation test, all the operational and
support personnel expected to perform during
an actual emergency meet in a practice session.
The goal here is to test the ability of the
personnel to respond to a simulated
disaster.
The simulation goes to the point of relocating to
the alternate backup site or enacting recovery
procedures, but it does not perform any actual
recovery process or alternate processing.
78
Functional drill or parallel test
This type tests specific functions such as medical
response, emergency notifications, warning and
communications procedures, and equipment,
although not necessarily all at once.
This type of test also includes evacuation drills, in
which personnel walk the evacuation route to a
designated area where procedures for accounting for the
personnel are tested.
A parallel test is a full test of the recovery plan,
utilizing all personnel.
The goal of this type of test is to ensure
that critical systems will actually run at
the alternate processing backup site.
Systems are relocated to the alternate site,
parallel processing is initiated, and the results of
the transactions and other elements are compared.
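The comparison step of a parallel test, as an added example that is not part of the original slides: the same transactions are processed at the primary and the alternate site, and the two result sets are reconciled. The record fields, transaction ids and host names are constructed for illustration.

```python
import hashlib
import json

# Constructed sample results from the same batch run at both sites.
PRIMARY = [
    {"txn_id": "T1001", "account": "A-17", "amount": "250.00", "status": "posted", "host": "primary-app1"},
    {"txn_id": "T1002", "account": "A-22", "amount": "75.10", "status": "posted", "host": "primary-app1"},
    {"txn_id": "T1003", "account": "A-09", "amount": "12.00", "status": "posted", "host": "primary-app2"},
    {"txn_id": "T1004", "account": "A-31", "amount": "980.00", "status": "held", "host": "primary-app2"},
]
ALTERNATE = [
    {"txn_id": "T1001", "account": "A-17", "amount": "250.00", "status": "posted", "host": "alt-app1"},
    {"txn_id": "T1002", "account": "A-22", "amount": "75.01", "status": "posted", "host": "alt-app1"},
    {"txn_id": "T1004", "account": "A-31", "amount": "980.00", "status": "held", "host": "alt-app1"},
]

def record_digest(record, ignore=("host", "processed_at")):
    """Hash a result, skipping fields that legitimately differ between sites."""
    stable = {k: v for k, v in record.items() if k not in ignore}
    canonical = json.dumps(stable, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def index_by_id(records):
    """Map txn_id -> digest; an id seen twice at one site is itself a finding."""
    index, duplicates = {}, set()
    for rec in records:
        if rec["txn_id"] in index:
            duplicates.add(rec["txn_id"])
        index[rec["txn_id"]] = record_digest(rec)
    return index, duplicates

def compare_parallel_run(primary, alternate):
    """Reconcile both result sets; the test passes only if every list is empty."""
    p_idx, p_dup = index_by_id(primary)
    a_idx, a_dup = index_by_id(alternate)
    shared = p_idx.keys() & a_idx.keys()
    report = {
        "missing_at_alternate": sorted(p_idx.keys() - a_idx.keys()),
        "unexpected_at_alternate": sorted(a_idx.keys() - p_idx.keys()),
        "mismatched": sorted(t for t in shared if p_idx[t] != a_idx[t]),
        "duplicates": sorted(p_dup | a_dup),
    }
    report["passed"] = not any(report.values())
    return report

if __name__ == "__main__":
    print(json.dumps(compare_parallel_run(PRIMARY, ALTERNATE), indent=2))
```

A missing transaction usually points to replication lag or an incomplete restore at the alternate site, while a mismatch points to stale reference data or a configuration difference; both belong in the test notes.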
79
Full-interruption Test or full-scale
exercise
A full interruption test can be for the
organization or just for specific
systems within the organization.
It activates all components of the
plan and interrupts all mission-
critical functions.
The full interruption test will also
activate the alternate work sites or
facilities and off-site storage
facilities, and the plan is actually
implemented in whole.
This type of full interruption test can
be announced or unannounced.
80
Full-interruption Test or full-scale
exercise
A real-life emergency situation is simulated as closely as
possible.
This test involves all the participants who would be
responding to the real emergency, including community
and external organizations.
The test may involve ceasing some real production
processing.
The plan is totally implemented as if it were a real
disaster, to the point of involving emergency services
(although for a major test, local authorities might be
informed and help coordinate).
81
Testing the BC/DR Plan
■ Checks for understanding of processes, procedures, and
steps by those who must implement the plan
■ Validates the integration of tasks across the various
business units and management functions
■ Confirms the steps developed for each phase of the plan’s
implementation
■ Determines whether the right resources have been
identified
■ Familiarizes all involved parties with the overall process
and flow of information
■ Identifies gaps or weaknesses in the plan
■ Determines cost and feasibility
82
Performing IT Systems and Security
Audits
By definition, an audit is the systematic examination
against defined criteria.
If your company is required to comply with laws or
regulations, you have no doubt been through rigorous
audits.
The audits you perform to conform to these regulations
may help in your BC/DR planning and may need to be
included in your plan.
83
84
End of Module 4
85