How to launch your Business continuity project

When I was working on the first part of the disaster recovery project in my organization, and in order to develop our business continuity strategy, I used to read some books and posts about business continuity and DR topics.
One of the very important websites was http://www.iso27001standard.com/en. I subscribed to the newsletter and received 6 important posts about how to start your business continuity project.
In this post I will share with you these 6 steps, which I believe are very important and efficient.
For sure, if you want additional information, I suggest subscribing to the newsletter.

Below are the 6 steps to follow in order to launch your business continuity project.

Step #1 - Define scope and objectives
Step #2 - Decide which framework you'll use
Step #3 - Determine the necessary resources
Step #4 - Get your management buy-in
Step #5 - Decide how to approach the implementation
Step #6 - Launch your project

Step #1 - Define scope and objectives
The best way is through brainstorming sessions with your colleagues, and it's recommended to include a member of top management. This way you can reach a conclusion about the right scope for your project.
Some examples of objectives:
  • Reduce risks
  • Minimize downtime
  • Protect brand and image
  • Improve readiness

Step #2 - Decide which framework you'll use
There are various frameworks available - the most widespread are ISO 27001 (for information security management), ISO 22301/BS 25999-2 (for business continuity management), COBIT (for IT governance), ISO 20000 (for IT service management), NFPA 1600 (for disaster/emergency management), but there are also others. 

Step #3 - Determine the necessary resources
It's very important to know approximately how much your project will cost.
The most costly investment will be the disaster recovery site. Other costs will include the development of DR planning, policies and procedures.

Step #4 - Get your management buy-in
It's very important to have the support of your management when dealing with this kind of project. Rather than human resources support, this means the appropriate budget.
Of course, you need to raise top management's awareness and suggest to them the right solution, along with your thoughts on it, given the provided budget.

Step #5 - Decide how to approach the implementation
Since the implementation of ISO 27001 or ISO 22301/BS 25999 is rather complex, you'll need to acquire appropriate knowledge. In that respect you basically have 3 options: 

a) Employ a full time person with substantial experience in ISO 27001 / ISO 22301 / BS 25999 implementation, or 
b) Hire external help, or 
c) Implement the standards with your existing employees only 

Step #6 - Launch your project
Once you have your management support and you know how to approach your implementation, it's time to define the project structure and start your project. 