1. BCP Planning
    1. Management
      1. availability
      2. reliability
      3. recoverability
    2. Reasons
      1. response in emergency
      2. save lives
      3. reduce business impact
      4. resume business functions
      5. work with externals
      6. reduce confusion
      7. ensure survivability of business
      8. get up and running asap
    3. Standards
      1. NIST/ISO/BS
    4. Guidelines
      1. 1.document policy
      2. 2.BIA
      3. 3.identify preventive controls
      4. 4.recovery strategies
      5. 5.contingency plans
      6. 6.test plan
      7. 7.maintain plan
    5. Types of Plan
      1. business resumption plan
      2. coop
      3. IT contingency
      4. crisis communications
      5. cyber incident response
      6. DR plan
    6. Goals
      1. responsibility
      2. authority
      3. priorities
      4. implementation and testing
    7. Phases
      1. initiation phase
      2. activation phase
      3. recovery
      4. reconstruction
  2. BCP Project
    1. components
      1. coordinator
      2. committee
    2. Scope
    3. policy
      1. component
      2. organisational impact
      3. laws and regulations
      4. good practices
      5. gap analysis
      6. draft policy, review and feedback
      7. approval and publish
    4. project mgt
      1. SWOT and Plan
    5. BIA
      1. Identify threats
      2. risk assessment
      3. value assignment
        1. MTD/MPTD
          1. critical 0h (minutes to hours)
          2. urgent 24h
          3. important 72h
          4. normal 7d
          5. nonessential > 30d
      4. interdependencies
      5. Steps
        1. 1. select people to interview
        2. 2. create surveys
        3. 3. indentify companies critical functions
        4. 4. identify resources these functions depend upon
        5. 5. calculate ow long functions can survice without resources
        6. 6. identify vulnerabilities and threats to these functions
        7. 7. calculate risk for each function
        8. 8. document findings and report to management
    6. preventive measures
  3. Recovery Strategy
    1. DR Metrics
      1. RPO, RTO, WRT, MTO
    2. Business process recovery
    3. facility recovery
      1. nondisaster <1d, disaster, catastrophe
      2. mtbf, mttr
      3. hot site, warm site, cold site
        1. hot internal site
      4. reciprocal aggreements
      5. redundant sites
      6. outsourcing
    4. insurance
      1. business interruption insurance policy
    5. recovery teams
      1. damage assessment
      2. legal
      3. media relations
      4. relocation
      5. restoration
      6. salvage
      7. security
  4. Technology Recovery
    1. hardware backups
    2. software backups
    3. documentation
    4. HR
    5. databackups
      1. full backups
      2. differential
        1. no reset of archive bit
      3. incremental
        1. longest to restore-add all increments in order
    6. electronic backups
      1. data shadowing
      2. vaulting
      3. remote journaling
      4. replication
        1. synchronous
        2. asynchronous
    7. HA
      1. redundancy
      2. fault tolerance
  5. Testing and Maintenance
    1. testing
      1. checklist
      2. structured walkthrough
      3. simulation test
      4. parallel
      5. full interruption
    2. maintainance
      1. maintain plan