Answer the following questions, specific to the creation and focus of Business Impact Analysis as well as BCP documentation.
Lab Assessment Questions & Answers
1 What is the goal and purpose of a BIA?
To identify which business units, operations, and processes are crucial to the survival of the business.
2 Why is a business impact analysis (BIA) an important first step in defining a business continuity plan (BCP)? BIA identifies what is crucial which sets the path for what will be included in the BCP.
3 How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure? Risk Management/Risk Assessment identify risks/vulnerabilities to the 7 domains of an IT infrastructure. BIA is basically doing the same thing but at the entire organization level.
4 True or False – If the Recovery Point Objective (RPO) metric does not equal the Recovery Time Objective (RTO), you may potentially lose data or not have data backed-up to recover. This represents a gap in potential lost or unrecoverable data. False
5 What questions would you have for executive management prior to finalizing a BIA report? What is the Maximum Acceptable Outage of a specific server or service? What are some critical business functions?
What are the recovery objectives?
6 How does a BCP help mitigate risk?
Mitigates risk by ensuring the organization is better prepared for disasters. 7 What kind of risk does a BCP help mitigate? It is mitigating the risk of disaster that either destroys the server or building the server is in. 8 If you have business liability insurance, asset replacement insurance, and natural disaster insurance, do you still need a BCP or DRP? Why or why not? Yes you still need a BCP/DRP as insurance will reimburse you money to help rebuild, but they cannot provide you company data and that is what is needed for survivability.
9 What does a BIA help define for a BCP?
Defines what systems and services are critical to the survival of an organization.
10 Who should participate in the development of BCP within an organization? IT Personnel and top level management.
11 Why does disaster planning and disaster recovery belong in a BCP? BCP ensures that the entire business can continue to operate in the event of a disruption, this includes disaster planning and recovery as loss of systems or services affects the organization. 12 What is the purpose of having documented IT system, application, and data recovery procedures and steps? So in the event something happens IT is not scrambling to try and figure out what to do. They set clear guidelines and instructions on what to do and when. If this is not clearly documented the RTO could be impacted which will result in UNHAPPY management and possible loss of revenue. 13 Why must you include testing of the plan in your BCP?
Having a BCP is great but testing it proves that it works. You would not want to be in a situation when you need to failover and it is not working and this could have been resolved prior to the actual outage if it was tested. 14 How often should you update your BCP document?
This should be updated at a minimum annually, semi-annually is probably a better target to shoot for.