BUSINESS CONTINUITY PLANNING
What will you do when bad things happen to your business?
Phase 1 - Discovery. We begin by discussing your business and what keeps it functioning on a day to day basis. From there, we identify the critical resources needed to make everything work. We continue by focusing on each area, determining how long each of those critical areas can be down for without serious business impact, and what the impact would be if those resources were missing beyond that time. Together, we estalish recovery time objectives for each area. When we start talking about data, we’ll also discuss how much data can be lost before business impact occurs. At the end of Phase 1, you will have a solid understanding of how your business functions, what the critical components are, and how long they can possibly be down for before the business is seriously affected. We will have identified key personnel, key functions, critical data, recovery point objectives, and recovery time objecives.
Phase 2 - Assessment. The assessment phase is a continuation of the discovery phase, the critical assessment of what makes your business run and how much can be broken before serious business impact occurs. YottaByte Security facilitates the assessment by helping you uncover what controls, if any, you have in place to assure yourself those critical functions remain viable; these are called controls. We’ll identify simple controls you can institute right away. At the end of phase 1, you will have identified business continuity controls. You will have identified other controls you can add to your list of business continuity controls to further mitigate the risk of a business continuity event. Finally, you will have identified other areas where the controls needed are more complex, require financial planning, or time budgeting.
Phase 3 - Planning. The planning phase occurs after discovery has been done and an assessment of in place controls has occured. YottaByte Security will bring recommendations for cost effective business contiunuity controls, an understanding of recommended technologies, cost (operational and capital), and implementation timelines. At the conclusion of the Planning phase, you will have a solid understanding of your organization’s critical functions, critical data, recovery point objectives, recovery time objectives, in place business continuity controls, needed business continuity controls, and all the planning elements needed to inform your own internal discussion about how much business continuity risk you’re willing to accept and how what, if any, controls you want to plan for in the future.
Phase 4 - Implementation. You’ve done the analysis, planning, and know what you want to accompllish in what time frame. YottaByte Security does the technical implementation for you, or leads your IT team through the implementation process. YottaByte Security helps you write policies, write procedures, and train your users so they are business continuity conscious and properly implement the controls you’ve selected.
Phase 5 - Audit. Audits give you the confidence that business continuity controls are functioning as designed. In the planning stage, you designed business continuity controls to be sure you’ve mitigated risk. In the implementation phase, you put controls in place. The audit assures you the technical controls are still operating as designed, people are carrying out their responsibilities, and risk has been mitigated to the level you think it has. The audit phase begins with the control design we documented in the planning phase along with any implementation notes. YottaByte Security then designs an custom audit procedure for your organization and presents it to you for approval. We schedule time with those involved to collect evidence, evaluate it, and deliver a written report to you disccusing how each control performed. We audit the controls you want audited. We recommend audit procedures and work with you to determine the best way to carry them out in your organization.