1. Discuss the difference between a Continuity of Operations Plan (COOP), a Busi
ID: 3903102 • Letter: 1
Question
1. Discuss the difference between a Continuity of Operations Plan (COOP), a Business Continuity Plan (BCP), and a Disaster Recovery Plan (DRP). You might want to start with the definitions from the NIST SP 800-34, located at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf. Section 3.5 discusses the different types of Plan Testing, Training, and Exercises.
2. What would be your recommendation for training personnel on your BCP and DRP at the project organization? (Course: Information Security and Risk Management)
Note: Please answer in detail and complete, read the question twice before answer. Thanks
Explanation / Answer
1)Answer:
Continuity of Operations Plan (COOP):
A Continuity of Operations Plan or COOP is part of a principle called continuity of operations that helps to ensure trouble-free operations through unanticipated events. Many attribute this term and idea to the U.S. Federal government which has mandated that agencies need to provide for continuity of operations in many different crises
Many enterprises also maintain these kinds of plans. In the business world, a Continuity of Operations Plan is often called disaster planning or recovery plan. Businesses that are not mandated to maintain these kinds of plans often do so in order to minimize economic damage after a crisis. There are a range of different techniques and strategies that can be part of a Continuity of Operations Plan. Businesses and agencies can create fault tolerant systems and redundant storage so that sensitive data is maintained through an emergency. They can also invest in redundant hardware systems so that an office can still function if a local site is compromised.
Other forms of Continuity of Operations planning involve planning for individual business processes and applications to continue directly after a crisis. Planners can create systems for moving data and operations off site. New data and document handling systems provide a lot of these features as a kind of insurance against emergencies.
Business Continuity Plan (BCP):
A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business is not able to occur under normal conditions. Businesses need to look at all such potential threats and devise BCPs to ensure continued operations should the threat become a reality.
A business continuity plan involves the following:
When developing a BCP all threats that could cease regular business should be determined. The next step is to determine the most significant tasks required to continue operations. Who are the necessary people and what are the tools and information needed to continue operation?
There should be a list of people in management and their contact information included in the BCP. These people should have each other’s contact information at home. If it is impossible to get to the office, they should be able to contact each other and make plans for resuming operations, at both home offices and offsite locations. This includes use of data backup and disaster recovery plans.
Many people need to be involved in creating a BCP. The responsibility for creating a BCP should not fall on any one person alone.
Disaster Recovery Plan (DRP):
A Disaster Recovery Plan (DRP) is a business plan that describes how work can be resumed quickly and effectively after a disaster. Disaster recovery planning is just part of business continuity planning and applied to aspects of an organization that rely on an IT infrastructure to function.
The overall idea is to develop a plan that will allow the IT department to recover enough data and system functionality to allow a business or organization to operate - even possibly at a minimal level.
The creation of a DRP begins with a DRP proposal to achieve upper level management support. Then a business impact analysis (BIA) is needed to determine which business functions are the most critical and the requirements to get the IT components of those functions operational again after a disaster, either on-site or off-site
Every employee must be made aware of the DRP and when implemented, effective communication is essential. The DRP must include a comprehensive off-site data backup and an on/off-site recovery plan.
The biggest issue may be the sourcing of an alternate location with adequate equipment, but there are many places where data center time and bandwidth can be rented so these arrangements could also be included in a DRP. Some companies can operate from just a single server so a backup machine can be kept at a remote location and kept up to date with a regular backup of the essential data required to operate being made. This would suit a small organization, but where there are more computers and a data center involved there needs to be a more extensive plan made.
A DRP may require employees to relocate to a hotsite to resume work, if work cannot be conducted at the normal business site. This hotsite is an off-site location supplied with the computer equipment and data necessary to continue an organization's normal work.
It is imperative that organizations not only develop a DRP but also test it, train personnel and document it properly before a real disaster occurs. This is one reason why off-site hosting of all IT services can be a good choice for the protection they provide; in disaster situations personnel can access data easily from a new location, whereas relocating a terminally damaged data centre and getting it operational again is not an easy job.
Often a specialized disaster recovery planning consultant is hired to assist organizations in attending to the many details that can arise during such contingency planning.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.