Download presentation
Presentation is loading. Please wait.
Published byBlaise Clarke Modified over 9 years ago
1
FFC backs up all of its data each day. It stores its most recent daily backup once a week at a company owned offsite location. FFC also stores the most recent versions of its software in this location. Documentation of the computer room environment controls test for the last 18 months show no irregularities. These files are in the CIO’s office.
2
FFC has no documented business continuity or disaster recovery plan. Management believes such a plan is cost-prohibitive for an organization of its size. This belief is based largely on the fact that FFC has never suffered a disaster. FFC does not test their backup tapes to determine if they are functional in case of an emergency. They have no plans for future testing.
3
The physical construction of the buildings used to house the computing environment has not been tested or reviewed. FFC does not have an uninterruptable power supply (UPS). FFC does not have insurance coverage. Emergency supplies and hard copies of source documents are not retained. This makes FFC further susceptible to disaster.
4
The lack of a documented business continuity plan is a major point of concern, as there is no standard process for recovering business operations in the event of a disaster. Additionally, the informal plan that has been developed has not been tested, meaning there is no verification of the plan’s viability or that team members are clear on how to act in the event of a disaster. The current plan consists of the data center manager retrieving the latest offsite tapes to recover the system; however, no mention of a contingency plan was noted in case the data center manager is unavailable. Also, the plan does not address the potential that FFC’s data center is destroyed. In this event there would be no location at which the most recent backup tapes could be restored. In light of these issues we have assessed the risk level of FFC’s business continuity planning based on the threat matrix to have a likelihood of possible and impact to be catastrophic, resulting in a rating of high.
5
Based on our findings in the previous risk assessment that there is a likelihood of possible and impact to of catastrophic the following numeric value represents BCP’s overall risk rating: 8
6
The following solutions to weaknesses can be implemented for Business Continuity Planning: A written disaster recovery planned should be housed on the premises as well as at the offsite location. Periodic testing of backup tapes to determine if they are functional in case of a disaster where they will need to be implemented.
7
Physical construction of the buildings should be reviewed to determine if the computer systems are safe from flooding, fire and other disasters that can cause them to be non-functional. An uninterruptable power supply should be installed to insure the continued transmission of data in case of a power failure. Insurance coverage should be taken out to replace damaged systems and facilities in order to facilitate the quick recovery of the primary business location. Emergency supplies and backups of source documents should be placed at the disaster recovery site to ensure operations can continue as planned and that the necessary documents are available to continue operations as planned.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.