250 8.7 Chapter Summary
Responsibilities for various aspects of BCP maintenance are also estab-
lished. Ongoing responsibilities should be defined to ensure appropriate
BCP maintenance. The groups shown in Table 8.1 have specific BCP main-
tenance responsibilities.
8.7 Chapter Summary
In this chapter, we discussed the importance of maintaining a business con-
tinuity plan. The process of maintaining the business continuity plan
includes the use of change control procedures to make updates to the plan
and keep the plan current with BCP data synchronization. You should
assign responsibilities for maintenance of each part of the plan and test all
changes that are made to it. We recommended that you implement a pro-
cess to advise BCP training staff of plan updates/changes and conduct peri-
Table 8.1 Roles and Responsibilities of Recovery Team Participants.
Role Responsibility
Recovery Coordinator Manages BCP, coordinates recovery teams, provides
updates to Executive Management. Should ensure the fol-
lowing on a semi-annual basis:
Schedule and coordinate BCP training and testing
Coordinate BCP document reviews, changes, and
approvals from relevant parties
Ensure BCP is disseminated to all parties concerned
Maintain alternate processing site contracts, mainte-
nance, and service level agreements
Recovery Team Execute documented steps in the BCP to recover downed
systems. Annually, the team should:
Maintain team-specific procedures
Update reference information pertinent to team pro-
Train and test in relevant BCP sections
Users Identify and ensure key information needed to per-
form job function is stored offsite
Undergo awareness training
Participate in BCP training/testing
8.7 Chapter Summary 251
Chapter 8
odic BCP maintenance. The maintenance frequency is often a matter
unique to each business, but we recommend at least a semi-annual review.
When you develop plan maintenance procedures, ensure that scheduled
maintenance and unscheduled maintenance activities are included. It is
important to designate maintenance responsibilities to someone or to some
group who will can adequately manage the task. BCP distribution issues
will need to be addressed by this team. They should also develop and con-
duct regular awareness and training programs. It is necessary to monitor
and review the program to ensure it is effective. For the team maintaining
the plan, it is necessary to outline each member’s roles and responsibilities
for maintaining the BCP plan; follow up to ensure they live up to those
roles and responsibilities.
This book has provided you with the information fundamental to devel-
opment of a solid BCP for your organization. There are abundant resources
readily available to help you review, improve, and exercise your plans once
you get them developed and ready to test. Should the need arise to move
from a test to an actual event, the knowledge and insight you have gained
from this book will, we hope, assist you in your recovery and restoration
process. Remember, every day, potential disasters happen. You have the
knowledge now to be prepared and make the process manageable if you are
ever in that situation. Good luck.
This Page Intentionally Left Blank

Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.